Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49768 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. | Jun 15, 2026 |
| CVE-2026-49766 | CRITICAL | 9.9 | Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | Jun 15, 2026 |
| CVE-2026-49765 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | Jun 15, 2026 |
| CVE-2026-49764 | CRITICAL | 9.8 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | Jun 15, 2026 |
| CVE-2026-49763 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | Jun 15, 2026 |
| CVE-2026-49112 | HIGH | 7.5 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. | Jun 15, 2026 |
| CVE-2026-49110 | HIGH | 7.5 | Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions. | Jun 15, 2026 |
| CVE-2026-49109 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | Jun 15, 2026 |
| CVE-2026-49106 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. | Jun 15, 2026 |
| CVE-2026-49105 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | Jun 15, 2026 |
| CVE-2026-49104 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. | Jun 15, 2026 |
| CVE-2026-49085 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | Jun 15, 2026 |
| CVE-2026-49083 | HIGH | 7.5 | Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. | Jun 15, 2026 |
| CVE-2026-49082 | HIGH | 7.4 | Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. | Jun 15, 2026 |
| CVE-2026-49078 | HIGH | 7.5 | Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. | Jun 15, 2026 |
| CVE-2026-49070 | HIGH | 7.5 | Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. | Jun 15, 2026 |
| CVE-2026-49068 | HIGH | 7.5 | Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. | Jun 15, 2026 |
| CVE-2026-49067 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. | Jun 15, 2026 |
| CVE-2026-49066 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. | Jun 15, 2026 |
| CVE-2026-49065 | HIGH | 8.2 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | Jun 15, 2026 |
| CVE-2026-49063 | HIGH | 7.3 | Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. | Jun 15, 2026 |
| CVE-2026-49061 | HIGH | 7.5 | Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions. | Jun 15, 2026 |
| CVE-2026-49056 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. | Jun 15, 2026 |
| CVE-2026-49055 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. | Jun 15, 2026 |
| CVE-2026-49043 | MEDIUM | 4.7 | Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions. | Jun 15, 2026 |