CVE-2025-69110
— WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60223
— WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerab…
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60218
— WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60205
— WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-59563
— WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-59560
— WordPress Sonaar theme <= 4.27.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-58954
— WordPress HomeRoofer theme <= 2.11.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-58953
— WordPress Joly theme <= 1.22.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-58952
— WordPress Neuronet theme < 1.14.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-49403
— WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrar…
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2024-52488
— WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerabi…
Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2024-49269
— WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-12165
— Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUse…
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the `RegistryU…
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-12115
— Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import
The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-47340
— Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated us…
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32967
— Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to versi…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-42357
— Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access wor…
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
This issue affects Apache DolphinScheduler ver…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-41280
— Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system l…
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
This issue affects Apache DolphinScheduler versions prior to 3.4.2…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32966
— Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Da…
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recomme…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40722
— WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Yoast SEO Premium: from n/a through 26.6.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
