Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-39507 — WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-39503 — WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.

easy_digital_downloads | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-39502 — WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39499 — WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP…

Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39498 — WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-39493 — WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.

simply_schedule_appointments | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-39492 — WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-39491 — WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
4.4 MEDIUM
CVE-2026-39489 — WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability

Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.

download_monitor | Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39481 — WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability

Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.

modula_image_gallery | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-39480 — WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-39478 — WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object I…

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-39474 — WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.

post_duplicator | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39472 — WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection …

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39471 — WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability

Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.

image_optimizer | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39470 — WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vul…

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.8 MEDIUM
CVE-2026-39468 — WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File …

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.1 CRITICAL
CVE-2026-39465 — WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE)…

Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39463 — WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.3 MEDIUM
CVE-2026-39451 — WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerabili…

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6857 Results