Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-40761 — WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40760 — WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40759 — WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40758 — WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40755 — WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40754 — WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40751 — WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40739 — WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40736 — WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39580 — WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
5.5 MEDIUM
CVE-2026-39578 — WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
5.5 MEDIUM
CVE-2026-39577 — WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39568 — WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39567 — WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39557 — WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39554 — WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39549 — WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.1 HIGH
CVE-2026-39548 — WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.

Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39547 — WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39539 — WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Showing 20 of 7350 Results