Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-42657 | MEDIUM | 5.3 | Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions. | Jun 15, 2026 |
| CVE-2026-42656 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions. | Jun 15, 2026 |
| CVE-2026-42655 | MEDIUM | 5.9 | Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions. | Jun 15, 2026 |
| CVE-2026-42651 | MEDIUM | 6.3 | Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions. | Jun 15, 2026 |
| CVE-2026-42650 | HIGH | 7.2 | Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions. | Jun 15, 2026 |
| CVE-2026-42649 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions. | Jun 15, 2026 |
| CVE-2026-42640 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions. | Jun 15, 2026 |
| CVE-2026-42639 | CRITICAL | 9.3 | Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions. | Jun 15, 2026 |
| CVE-2026-42411 | HIGH | 8.1 | Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions. | Jun 15, 2026 |
| CVE-2026-42386 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. | Jun 15, 2026 |
| CVE-2026-42384 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions. | Jun 15, 2026 |
| CVE-2026-42381 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions. | Jun 15, 2026 |
| CVE-2026-42378 | MEDIUM | 6.5 | Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions. | Jun 15, 2026 |
| CVE-2026-41556 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions. | Jun 15, 2026 |
| CVE-2026-40799 | MEDIUM | 5.3 | Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions. | Jun 15, 2026 |
| CVE-2026-40798 | CRITICAL | 9.3 | Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. | Jun 15, 2026 |
| CVE-2026-40796 | MEDIUM | 6.5 | Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions. | Jun 15, 2026 |
| CVE-2026-40795 | MEDIUM | 6.5 | Subscriber Broken Access Control in Amelia <= 2.2 versions. | Jun 15, 2026 |
| CVE-2026-40794 | MEDIUM | 6.5 | Subscriber Broken Access Control in myCred <= 3.0.3 versions. | Jun 15, 2026 |
| CVE-2026-40793 | MEDIUM | 6.5 | Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. | Jun 15, 2026 |
| CVE-2026-40792 | MEDIUM | 6.3 | Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions. | Jun 15, 2026 |
| CVE-2026-40791 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. | Jun 15, 2026 |
| CVE-2026-40790 | MEDIUM | 6.5 | Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. | Jun 15, 2026 |
| CVE-2026-40789 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions. | Jun 15, 2026 |
| CVE-2026-40788 | HIGH | 7.1 | Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. | Jun 15, 2026 |