Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-42761 — WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerab…

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows B…

woot | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.5 HIGH
CVE-2026-42760 — WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication…

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup…

backup_and_staging_by_wp_time_capsule | Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42759 — WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate S…

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.8 CRITICAL
CVE-2026-42758 — WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.

webinarignition | Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.9 CRITICAL
CVE-2026-42757 — WordPress WebinarIgnition plugin < 4.08.253 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects Webi…

webinarignition | Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.9 CRITICAL
CVE-2026-42756 — WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin <= …

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP &#8211; Compress / Optimize Images &amp; Convert WebP | SEO Friendly quickwebp all…

Remote | Path Traversal
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.3 CRITICAL
CVE-2026-42755 — WordPress TableOn plugin <= 1.0.5.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: …

tableon_-_wordpress_posts_table_filterable | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42754 — WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon…

favicon_by_realfavicongenerator | Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.3 HIGH
CVE-2026-42753 — WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: …

wcfm_membership | Remote | Authorization
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-42751 — WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: f…

booking_manager | Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-42750 — WordPress WPComplete plugin <= 2.9.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through <…

wpcomplete | Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42749 — WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken …

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issu…

Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.9 CRITICAL
CVE-2026-42748 — WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through <= 5.4.…

woo_czech | Remote | Misconfiguration
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.3 CRITICAL
CVE-2026-42747 — WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects …

easy_form_builder | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.3 HIGH
CVE-2026-42746 — WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnera…

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online O…

smart_online_order_for_clover | Remote | Information Disclosure
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.3 HIGH
CVE-2026-42745 — WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerabi…

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order…

smart_online_order_for_clover | Remote | Authentication
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
6.5 MEDIUM
CVE-2026-42744 — WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a …

ads | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
9.3 CRITICAL
CVE-2026-42740 — WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a throu…

tainacan | Remote | Injection
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42739 — WordPress Advanced IP Blocker plugin <= 8.10.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced …

Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
7.1 HIGH
CVE-2026-42738 — WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vuln…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects S…

smart_online_order_for_clover | Remote | Cross-Site Scripting
May 27, 2026 May 27, 2026
May 27, 2026
May 27, 2026
Showing 20 of 6714 Results