CVE-2026-39448
— WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerabili…
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27436
— WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Executi…
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27433
— WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27430
— WordPress TheFox theme <= 3.9.76 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27426
— WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scrip…
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27425
— WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulne…
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27419
— WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
zegen
|
Remote
|
Misconfiguration
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27414
— WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27412
— WordPress Pearl - Corporate Business theme <= 3.4.10 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
Remote
|
Path Traversal
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27408
— WordPress NativeChurch theme <= 4.8.8.2 - Reflected Cross Site Scripting (XSS) vulnerabil…
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27404
— WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27402
— WordPress Kids Life | Children School WordPress theme <= 5.2 - Cross Site Scripting (XSS)…
Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27060
— WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2025-69156
— WordPress Kids Zone - Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) …
Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2025-69155
— WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerab…
Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2025-69154
— WordPress SpaLab | Beauty Salon WordPress Theme theme <= 6.7 - Cross Site Scripting (XSS)…
Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2025-69153
— WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2025-69152
— WordPress Artale | Wedding Photography WordPress theme <= 2.2.2 - Cross Site Scripting (X…
Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2025-69134
— WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Delet…
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.
Remote
|
Authentication
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2025-69133
— WordPress Tourmaster plugin <= 5.4.5 - Local File Inclusion vulnerability
Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.
Remote
|
Path Traversal
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026