Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20735
Total
1498
Critical
6296
High
6574
Medium
CVE ID Severity Score Description Published
CVE-2026-56071 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions. Jun 25, 2026
CVE-2026-56054 HIGH 7.7 Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions. Jun 25, 2026
CVE-2026-56053 HIGH 8.8 Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. Jun 25, 2026
CVE-2026-56051 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions. Jun 25, 2026
CVE-2026-56050 MEDIUM 6.5 Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a … Jun 25, 2026
CVE-2026-56049 HIGH 8.5 Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions. Jun 25, 2026
CVE-2026-56042 HIGH 7.1 Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions. Jun 25, 2026
CVE-2026-56023 MEDIUM 5.4 Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions. Jun 25, 2026
CVE-2026-56014 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions. Jun 25, 2026
CVE-2026-56013 MEDIUM 6.5 Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions. Jun 25, 2026
CVE-2026-56006 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions. Jun 25, 2026
CVE-2026-56005 HIGH 7.1 Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions. Jun 25, 2026
CVE-2026-54849 CRITICAL 9.3 Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions. Jun 25, 2026
CVE-2026-54848 HIGH 8.3 Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square … Jun 25, 2026
CVE-2026-54845 HIGH 8.1 Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. Jun 25, 2026
CVE-2026-54844 HIGH 7.5 Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions. Jun 25, 2026
CVE-2026-54843 CRITICAL 9.3 Unauthenticated SQL Injection in MDTF <= 1.3.7 versions. Jun 25, 2026
CVE-2026-54842 HIGH 8.1 Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. Jun 25, 2026
CVE-2026-54841 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions. Jun 25, 2026
CVE-2026-54838 HIGH 8.5 Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions. Jun 25, 2026
CVE-2026-54836 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from … Jun 25, 2026
CVE-2026-54830 HIGH 7.5 Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions. Jun 25, 2026
CVE-2026-54829 HIGH 7.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. … Jun 25, 2026
CVE-2026-54828 HIGH 7.5 Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. Jun 25, 2026
CVE-2026-54823 CRITICAL 9.9 Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. Jun 25, 2026