Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-52714 — WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerabil…

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
7.6 HIGH
CVE-2026-52712 — WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
7.5 HIGH
CVE-2026-52711 — WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
9.9 CRITICAL
CVE-2026-49774 — WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
9.3 CRITICAL
CVE-2026-49772 — WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Ev…

Remote | Injection
Jun 16, 2026 Jun 16, 2026
6.5 MEDIUM
CVE-2026-40809 — WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.4.1.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
8.5 HIGH
CVE-2026-39581 — WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vuln…

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
9.3 CRITICAL
CVE-2026-39574 — WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
7.5 HIGH
CVE-2026-39490 — WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
7.1 HIGH
CVE-2026-39437 — WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflecte…

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.

Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
6.5 MEDIUM
CVE-2026-2381 — WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated O…

The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions…

stripe_payment_gateway | Remote | Authorization
Jun 16, 2026 Jun 16, 2026
7.1 HIGH
CVE-2026-10825 — Improper JSON Input Validation in WebSocket API Leads to Denial of Service

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted …

Remote | Denial of Service
Jun 16, 2026 Jun 16, 2026
7.5 HIGH
CVE-2025-68045 — WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
8.8 HIGH
CVE-2026-8444 — WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrev…

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is du…

Remote | Injection
Jun 16, 2026 Jun 16, 2026
0.0 NA
CVE-2026-46331 — net/sched: fix pedit partial COW leading to page cache corruption

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable(…

linux_kernel | Memory Corruption
Jun 16, 2026 Jun 16, 2026
6.4 MEDIUM
CVE-2026-10093 — File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site …

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due…

Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
6.3 MEDIUM
CVE-2025-9912 — A local privilege escalation vulnerability in Nokia SR Linux

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser …

| Authorization
Jun 16, 2026 Jun 16, 2026
5.3 MEDIUM
CVE-2026-9187 — Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post…

The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This is due to a missing capability check and missing no…

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
8.8 HIGH
CVE-2026-8443 — WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' P…

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and includ…

Remote | Injection
Jun 16, 2026 Jun 16, 2026
8.8 HIGH
CVE-2026-6933 — Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote …

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function …

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
Showing 20 of 6928 Results