Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-61976 — WordPress JetBlocks For Elementor plugin <= 1.5.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects Je…

Remote | Information Disclosure
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-61975 — WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: fr…

jetreviews | Remote | Information Disclosure
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
2.7 LOW
CVE-2026-61971 — WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR)…

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This…

user_profile_picture | Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
4.9 MEDIUM
CVE-2026-61970 — WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request…

Server-Side Request Forgery (SSRF) vulnerability in Themeisle Auto Featured Image (Auto Post Thumbnail) auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image (…

Remote | Server-Side Request Forgery
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.4 MEDIUM
CVE-2026-61968 — WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 3.1.2.

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.4 MEDIUM
CVE-2026-61958 — WordPress License Manager for WooCommerce plugin <= 3.0.17 - Arbitrary Content Deletion v…

Missing Authorization vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-61956 — WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forge…

Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام &#8211; همگام سازی ووکا…

Remote | Cross-Site Request Forgery
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.6 HIGH
CVE-2026-61955 — WordPress گرویتی فرم فارسی plugin <= 3.0.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویت…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
4.9 MEDIUM
CVE-2026-61952 — WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Acce…

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This i…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-59523 — WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulner…

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Si…

simply_schedule_appointments | Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.2 HIGH
CVE-2026-59521 — WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through <= 3.1.15.

real_testimonials | Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.8 CRITICAL
CVE-2026-59518 — WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through <= 8.8.2.

directorist | Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-59516 — WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects …

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.3 CRITICAL
CVE-2026-59515 — WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sergey AIWU ai-copilot-content-generator allows Blind SQL Injection.This issue affects AIWU: from…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57816 — WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.8 - Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows Reflected XSS.This issue affects Funn…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.5 HIGH
CVE-2026-57815 — WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue af…

Remote | Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57814 — WordPress Forminator plugin <= 1.55.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This iss…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.8 CRITICAL
CVE-2026-57813 — WordPress MailOptin plugin <= 1.2.77.3 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through <= 1.2.77.3.

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57812 — WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnera…

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Si…

simply_schedule_appointments | Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
10.0 CRITICAL
CVE-2026-57811 — WordPress Realtyna Organic IDX plugin plugin <= 5.2.0 - Remote Code Execution (RCE) vulne…

Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realty…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
Showing 20 of 7305 Results