Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21903
Total
1562
Critical
6654
High
7000
Medium
CVE ID Severity Score Description Published
CVE-2026-49768 CRITICAL 9.8 Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. Jun 15, 2026
CVE-2026-49766 CRITICAL 9.9 Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. Jun 15, 2026
CVE-2026-49765 CRITICAL 9.8 Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. Jun 15, 2026
CVE-2026-49764 CRITICAL 9.8 Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. Jun 15, 2026
CVE-2026-49763 CRITICAL 9.8 Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. Jun 15, 2026
CVE-2026-49112 HIGH 7.5 Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. Jun 15, 2026
CVE-2026-49110 HIGH 7.5 Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions. Jun 15, 2026
CVE-2026-49109 CRITICAL 9.8 Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. Jun 15, 2026
CVE-2026-49106 CRITICAL 9.8 Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. Jun 15, 2026
CVE-2026-49105 CRITICAL 9.8 Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. Jun 15, 2026
CVE-2026-49104 CRITICAL 9.8 Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. Jun 15, 2026
CVE-2026-49085 CRITICAL 9.8 Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. Jun 15, 2026
CVE-2026-49083 HIGH 7.5 Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. Jun 15, 2026
CVE-2026-49082 HIGH 7.4 Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions. Jun 15, 2026
CVE-2026-49078 HIGH 7.5 Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. Jun 15, 2026
CVE-2026-49070 HIGH 7.5 Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. Jun 15, 2026
CVE-2026-49068 HIGH 7.5 Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. Jun 15, 2026
CVE-2026-49067 CRITICAL 9.3 Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. Jun 15, 2026
CVE-2026-49066 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. Jun 15, 2026
CVE-2026-49065 HIGH 8.2 Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. Jun 15, 2026
CVE-2026-49063 HIGH 7.3 Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. Jun 15, 2026
CVE-2026-49061 HIGH 7.5 Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions. Jun 15, 2026
CVE-2026-49056 HIGH 7.5 Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. Jun 15, 2026
CVE-2026-49055 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. Jun 15, 2026
CVE-2026-49043 MEDIUM 4.7 Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions. Jun 15, 2026