Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-49107 — WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49084 — WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.2 HIGH
CVE-2026-49081 — WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49079 — WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49076 — WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49075 — WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability

Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-49074 — WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-49072 — WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-49071 — WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.

woocommerce_dropshipping | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49058 — WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-48967 — WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability

Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-48875 — WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-45436 — WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-42629 — WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerabil…

Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-42385 — WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-42380 — WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-41557 — WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40783 — WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerabil…

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.3 HIGH
CVE-2026-40768 — WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (ID…

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-40765 — WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7619 Results