Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-42754 — WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.3 HIGH
CVE-2026-42753 — WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: …

Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-42751 — WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: f…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-42750 — WordPress WPComplete plugin <= 2.9.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42749 — WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken …

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issu…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.9 CRITICAL
CVE-2026-42748 — WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.…

Remote | Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.3 CRITICAL
CVE-2026-42747 — WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects …

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.3 HIGH
CVE-2026-42746 — WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnera…

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online O…

Remote | Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.3 HIGH
CVE-2026-42745 — WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerabi…

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-42744 — WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a …

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.3 CRITICAL
CVE-2026-42740 — WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a throu…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42739 — WordPress Advanced IP Blocker plugin <= 8.10.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced …

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42738 — WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vuln…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects S…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.6 HIGH
CVE-2026-42737 — WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Arbitrary File Deletion…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikB…

Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.5 HIGH
CVE-2026-42736 — WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR)…

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff…

Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
8.2 HIGH
CVE-2026-42735 — WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: f…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42734 — WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a t…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42733 — WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through …

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-42732 — WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a thr…

Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.8 CRITICAL
CVE-2026-42731 — WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a…

Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
Showing 20 of 6188 Results