Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20735
Total
1498
Critical
6296
High
6574
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56071 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions. | Jun 25, 2026 |
| CVE-2026-56054 | HIGH | 7.7 | Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions. | Jun 25, 2026 |
| CVE-2026-56053 | HIGH | 8.8 | Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. | Jun 25, 2026 |
| CVE-2026-56051 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions. | Jun 25, 2026 |
| CVE-2026-56050 | MEDIUM | 6.5 | Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a … | Jun 25, 2026 |
| CVE-2026-56049 | HIGH | 8.5 | Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions. | Jun 25, 2026 |
| CVE-2026-56042 | HIGH | 7.1 | Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions. | Jun 25, 2026 |
| CVE-2026-56023 | MEDIUM | 5.4 | Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions. | Jun 25, 2026 |
| CVE-2026-56014 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions. | Jun 25, 2026 |
| CVE-2026-56013 | MEDIUM | 6.5 | Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions. | Jun 25, 2026 |
| CVE-2026-56006 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions. | Jun 25, 2026 |
| CVE-2026-56005 | HIGH | 7.1 | Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions. | Jun 25, 2026 |
| CVE-2026-54849 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. | Jun 25, 2026 |
| CVE-2026-54848 | HIGH | 8.3 | Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square … | Jun 25, 2026 |
| CVE-2026-54845 | HIGH | 8.1 | Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. | Jun 25, 2026 |
| CVE-2026-54844 | HIGH | 7.5 | Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions. | Jun 25, 2026 |
| CVE-2026-54843 | CRITICAL | 9.3 | Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. | Jun 25, 2026 |
| CVE-2026-54842 | HIGH | 8.1 | Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | Jun 25, 2026 |
| CVE-2026-54841 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. | Jun 25, 2026 |
| CVE-2026-54838 | HIGH | 8.5 | Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. | Jun 25, 2026 |
| CVE-2026-54836 | CRITICAL | 9.3 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from … | Jun 25, 2026 |
| CVE-2026-54830 | HIGH | 7.5 | Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. | Jun 25, 2026 |
| CVE-2026-54829 | HIGH | 7.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. … | Jun 25, 2026 |
| CVE-2026-54828 | HIGH | 7.5 | Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. | Jun 25, 2026 |
| CVE-2026-54823 | CRITICAL | 9.9 | Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | Jun 25, 2026 |