CVE-2026-8176
— LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDO…
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin cha…
Remote
|
Authentication
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resultin…
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54198
— WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) v…
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54197
— WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.
Remote
|
Information Disclosure
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54191
— WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Remote
|
Cross-Site Scripting
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-54190
— WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52715
— WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52714
— WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerabil…
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52712
— WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-52711
— WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49774
— WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion.
This issue affects RD Station: from n/a through 5.6.0.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49772
— WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection.
This issue affects The Ev…
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40809
— WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Metro Magazine: from n/a through 1.4.1.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39581
— WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vuln…
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39574
— WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39490
— WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39437
— WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflecte…
Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.
Remote
|
Cross-Site Scripting
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-2381
— WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated O…
The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions…
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-10825
— Improper JSON Input Validation in WebSocket API Leads to Denial of Service
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted …
Remote
|
Denial of Service
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2025-68045
— WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
Remote
|
Authorization
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
