Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21903
Total
1562
Critical
6654
High
7000
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40787 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. | Jun 15, 2026 |
| CVE-2026-40785 | HIGH | 7.1 | Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions. | Jun 15, 2026 |
| CVE-2026-40782 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. | Jun 15, 2026 |
| CVE-2026-40781 | HIGH | 7.5 | Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. | Jun 15, 2026 |
| CVE-2026-40779 | HIGH | 7.7 | Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions. | Jun 15, 2026 |
| CVE-2026-40776 | HIGH | 7.5 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. | Jun 15, 2026 |
| CVE-2026-40775 | HIGH | 7.3 | Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions. | Jun 15, 2026 |
| CVE-2026-40774 | HIGH | 7.5 | Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions. | Jun 15, 2026 |
| CVE-2026-40773 | MEDIUM | 6.5 | Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions. | Jun 15, 2026 |
| CVE-2026-40772 | CRITICAL | 10.0 | Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. | Jun 15, 2026 |
| CVE-2026-40771 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions. | Jun 15, 2026 |
| CVE-2026-40770 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. | Jun 15, 2026 |
| CVE-2026-40769 | HIGH | 8.6 | Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions. | Jun 15, 2026 |
| CVE-2026-40767 | HIGH | 7.5 | Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions. | Jun 15, 2026 |
| CVE-2026-40766 | HIGH | 8.5 | Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. | Jun 15, 2026 |
| CVE-2026-40762 | HIGH | 7.5 | Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions. | Jun 15, 2026 |
| CVE-2026-40743 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions. | Jun 15, 2026 |
| CVE-2026-40741 | HIGH | 7.5 | Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | Jun 15, 2026 |
| CVE-2026-40732 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions. | Jun 15, 2026 |
| CVE-2026-40727 | HIGH | 7.7 | Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions. | Jun 15, 2026 |
| CVE-2026-39594 | MEDIUM | 6.4 | Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. | Jun 15, 2026 |
| CVE-2026-39591 | CRITICAL | 9.9 | Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | Jun 15, 2026 |
| CVE-2026-39587 | HIGH | 8.1 | Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | Jun 15, 2026 |
| CVE-2026-39584 | MEDIUM | 6.5 | Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. | Jun 15, 2026 |
| CVE-2026-39583 | CRITICAL | 9.8 | Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. | Jun 15, 2026 |