Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-39480 — WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-39478 — WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object I…

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-39474 — WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.

post_duplicator | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39472 — WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection …

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39471 — WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability

Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.

image_optimizer | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39470 — WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vul…

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.8 MEDIUM
CVE-2026-39468 — WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File …

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.1 CRITICAL
CVE-2026-39465 — WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE)…

Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39463 — WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.3 MEDIUM
CVE-2026-39451 — WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerabili…

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39450 — WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39449 — WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.

contact_form_to_any_api | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39447 — WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vu…

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.

simply_schedule_appointments | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-39441 — WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerabi…

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-39435 — WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-39434 — WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-34902 — WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vul…

Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.

woocommerce_product_table_lite | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-34901 — WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-34900 — WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-34898 — WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control v…

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6861 Results