Latest CVE Vulnerabilities

8.1 HIGH

CVE-2026-39567 — WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39557 — WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39554 — WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39549 — WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

7.1 HIGH

CVE-2026-39548 — WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.

Remote | Cross-Site Scripting

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39547 — WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39539 — WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

9.8 CRITICAL

CVE-2026-39529 — WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39522 — WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Solene <= 3.4 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39446 — WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39443 — WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

9.3 CRITICAL

CVE-2026-39438 — WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

6.5 MEDIUM

CVE-2026-39433 — WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

Remote | Authorization

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-34895 — WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-34894 — WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-34893 — WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

9.8 CRITICAL

CVE-2026-27429 — WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

9.8 CRITICAL

CVE-2026-27395 — WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.

support_board | Remote | Authentication

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.8 HIGH

CVE-2026-12256 — WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Avada <= 3.15.3 versions.

avada | Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2025-69178 — WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences