Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-39450 — WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39449 — WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.

contact_form_to_any_api | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39447 — WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vu…

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.

simply_schedule_appointments | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-39441 — WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerabi…

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39435 — WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39434 — WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-34902 — WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vul…

Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.

woocommerce_product_table_lite | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-34901 — WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-34900 — WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-34898 — WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control v…

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-34892 — WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-34891 — WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure…

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-34886 — WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-27407 — WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Editor Privilege Escalation in AI Engine <= 3.4.9 versions.

ai_engine | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.1 HIGH
CVE-2026-27333 — WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted dat…

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-27089 — WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-27053 — WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.3 MEDIUM
CVE-2026-25440 — WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerabi…

Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.

essential_addons_for_elementor | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-25425 — WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-24637 — WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6856 Results