Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-42688 — WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerabili…

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.

modula_image_gallery | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.1 HIGH
CVE-2026-42687 — WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-42686 — WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-42668 — WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentic…

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-42667 — WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-42666 — WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-42665 — WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.2 HIGH
CVE-2026-42664 — WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - B…

Unauthenticated Broken Access Control in AI Product Search for WooCommerce &#8211; Motive Commerce Search <= 1.38.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-42663 — WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-42662 — WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-42661 — WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-42660 — WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-42659 — WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerabil…

Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-42658 — WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-42657 — WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-42656 — WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-42655 — WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.3 MEDIUM
CVE-2026-42651 — WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-42650 — WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-42649 — WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6856 Results