CVE-2026-48872
— WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48871
— WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48870
— WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulner…
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48868
— WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR)…
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48867
— WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerabil…
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48838
— WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48836
— WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48835
— WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48709
— OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argu…
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any auth…
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48708
— OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Co…
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level va…
Remote
|
Race Condition
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48518
— MultiJuicer: Login CSRF allows attacker to force victims into their team
MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint (POST /multi-ju…
Remote
|
Cross-Site Request Forgery
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48124
— Cursor Desktop sandbox escape via Claude hook configuration
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without ded…
|
Misconfiguration
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-47825
— Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.
Af…
Remote
|
Misconfiguration
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-47261
— Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this access c…
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-45441
— WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-45439
— WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-45437
— WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS…
Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42775
— WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42752
— WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-42743
— WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
