Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-39547 — WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39539 — WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.8 CRITICAL
CVE-2026-39529 — WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39522 — WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Solene <= 3.4 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39446 — WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39443 — WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.3 CRITICAL
CVE-2026-39438 — WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
6.5 MEDIUM
CVE-2026-39433 — WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

Remote | Authorization
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-34895 — WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-34894 — WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-34893 — WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.8 CRITICAL
CVE-2026-27429 — WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.8 CRITICAL
CVE-2026-27395 — WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.

support_board | Remote | Authentication
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.8 HIGH
CVE-2026-12256 — WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Avada <= 3.15.3 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69178 — WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69177 — WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69176 — WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69168 — WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Spike <= 1.2 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69167 — WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Eros <= 1.3 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2025-69165 — WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Showing 20 of 7352 Results