Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-40743 — WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

tutor_lms | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-40741 — WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerabil…

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-40732 — WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.7 HIGH
CVE-2026-40727 — WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.4 MEDIUM
CVE-2026-39594 — WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.9 CRITICAL
CVE-2026-39591 — WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.

Remote | Misconfiguration
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.1 HIGH
CVE-2026-39587 — WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-39584 — WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability

Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-39583 — WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerabi…

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-39579 — WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-39540 — WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS)…

Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-39534 — WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-39533 — WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-39532 — WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulner…

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-39530 — WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.4 MEDIUM
CVE-2026-39527 — WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.

Remote
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-39525 — WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-39524 — WordPress Masteriyo - LMS plugin <= 2.1.5 - Payment Bypass vulnerability

Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-39519 — WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39518 — WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnera…

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6861 Results