Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-57744 — WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.1 HIGH
CVE-2026-57743 — WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusio…

Remote | Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57741 — WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulne…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Stored XSS.This issue aff…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57740 — WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerabil…

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyM…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.3 CRITICAL
CVE-2026-57739 — WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This …

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.8 CRITICAL
CVE-2026-57738 — WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0.

777 | Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57734 — WordPress tagDiv Composer plugin <= 5.4.3 - Reflected Cross Site Scripting (XSS) vulnerab…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from …

composer | Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57733 — WordPress tagDiv Cloud Library plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud…

cloud_library | Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57732 — WordPress tagDiv Opt-In Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-I…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.5 HIGH
CVE-2026-57729 — WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.20.5.

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57728 — WordPress Flatsome theme <= 3.20.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through <=…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.5 HIGH
CVE-2026-57727 — WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13.

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.3 CRITICAL
CVE-2026-57726 — WordPress Kirki plugin <= 6.0.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57725 — WordPress Kirki plugin <= 6.0.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11.

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.8 CRITICAL
CVE-2026-57724 — WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through <= 6.0.12.

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
10.0 CRITICAL
CVE-2026-57719 — WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through <= 2.8.3.

Remote | Misconfiguration
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57718 — WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-e…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57715 — WordPress Fluent CRM plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a …

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
9.3 CRITICAL
CVE-2026-57714 — WordPress LatePoint plugin <= 5.6.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LatePoint LatePoint latepoint allows Blind SQL Injection.This issue affects LatePoint: from n/a t…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.8 HIGH
CVE-2026-57713 — WordPress Events Manager plugin <= 7.3.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through <= 7.3.6.

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
Showing 20 of 7309 Results