Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.9 CRITICAL
CVE-2026-39589 — WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39582 — WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39573 — WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39558 — WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.6 HIGH
CVE-2026-39546 — WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.

multiloca | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39545 — WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39537 — WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-34888 — WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.

Remote | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-27410 — WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerabi…

Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.6 HIGH
CVE-2026-27400 — WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-27041 — WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upl…

Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-25446 — WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-25439 — WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability

Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.

booknetic | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.1 CRITICAL
CVE-2026-24611 — WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-24610 — WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-24575 — WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.6 HIGH
CVE-2026-22343 — WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-22342 — WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to A…

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.

Remote | Cross-Site Request Forgery
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-22340 — WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-22339 — WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7625 Results