Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-48970 | HIGH | 8.1 | Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | Jun 15, 2026 |
| CVE-2026-48966 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. | Jun 15, 2026 |
| CVE-2026-48965 | MEDIUM | 6.5 | Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. | Jun 15, 2026 |
| CVE-2026-48964 | HIGH | 8.5 | Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | Jun 15, 2026 |
| CVE-2026-48889 | HIGH | 8.8 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. | Jun 15, 2026 |
| CVE-2026-48887 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions. | Jun 15, 2026 |
| CVE-2026-48886 | CRITICAL | 9.3 | Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions. | Jun 15, 2026 |
| CVE-2026-48885 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. | Jun 15, 2026 |
| CVE-2026-48883 | HIGH | 7.5 | Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions. | Jun 15, 2026 |
| CVE-2026-48882 | HIGH | 8.5 | Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. | Jun 15, 2026 |
| CVE-2026-48881 | CRITICAL | 9.1 | Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | Jun 15, 2026 |
| CVE-2026-48880 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions. | Jun 15, 2026 |
| CVE-2026-48878 | MEDIUM | 6.5 | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. | Jun 15, 2026 |
| CVE-2026-48876 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions. | Jun 15, 2026 |
| CVE-2026-48874 | HIGH | 8.5 | Subscriber SQL Injection in GamiPress <= 7.8.7 versions. | Jun 15, 2026 |
| CVE-2026-48873 | HIGH | 7.5 | Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions. | Jun 15, 2026 |
| CVE-2026-48872 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions. | Jun 15, 2026 |
| CVE-2026-48871 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions. | Jun 15, 2026 |
| CVE-2026-48870 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions. | Jun 15, 2026 |
| CVE-2026-48868 | HIGH | 7.5 | Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions. | Jun 15, 2026 |
| CVE-2026-48867 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions. | Jun 15, 2026 |
| CVE-2026-48838 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions. | Jun 15, 2026 |
| CVE-2026-48836 | CRITICAL | 10.0 | Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions. | Jun 15, 2026 |
| CVE-2026-48835 | HIGH | 7.5 | Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions. | Jun 15, 2026 |
| CVE-2026-48709 | LOW | 3.7 | OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform … | Jun 15, 2026 |