CVE-2026-49766
— WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
Remote
|
Path Traversal
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49765
— WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms p…
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49764
— WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49763
— WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection v…
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49112
— WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49110
— WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vu…
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49109
— WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, …
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49106
— WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Objec…
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49105
— WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms p…
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49104
— WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formi…
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49085
— WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms…
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49083
— WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49082
— WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Servi…
Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49078
— WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49070
— WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49068
— WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49067
— WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49066
— WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49065
— WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulne…
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49063
— WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
