Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.2 HIGH
CVE-2026-1945 — WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and '…

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions up to, and including, 1.0.8 due to insufficient …

wpbookit | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
6.5 MEDIUM
CVE-2026-1651 — Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection …

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping…

Remote | Injection
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
7.2 HIGH
CVE-2026-1273 — PostX <= 5.0.8 - Authenticated (Administrator+) Server-Side Request Forgery via REST API …

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the `/ultp/…

Remote | Server-Side Request Forgery
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
Showing 20 of 6363 Results