Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21910
Total
1562
Critical
6654
High
7007
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40732 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions. | Jun 15, 2026 |
| CVE-2026-40727 | HIGH | 7.7 | Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions. | Jun 15, 2026 |
| CVE-2026-39594 | MEDIUM | 6.4 | Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. | Jun 15, 2026 |
| CVE-2026-39591 | CRITICAL | 9.9 | Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | Jun 15, 2026 |
| CVE-2026-39587 | HIGH | 8.1 | Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | Jun 15, 2026 |
| CVE-2026-39584 | MEDIUM | 6.5 | Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. | Jun 15, 2026 |
| CVE-2026-39583 | CRITICAL | 9.8 | Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. | Jun 15, 2026 |
| CVE-2026-39579 | HIGH | 8.8 | Contributor Privilege Escalation in B Blocks <= 2.0.31 versions. | Jun 15, 2026 |
| CVE-2026-39540 | MEDIUM | 6.5 | Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions. | Jun 15, 2026 |
| CVE-2026-39534 | HIGH | 7.5 | Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. | Jun 15, 2026 |
| CVE-2026-39533 | HIGH | 7.5 | Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions. | Jun 15, 2026 |
| CVE-2026-39532 | HIGH | 8.8 | Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. | Jun 15, 2026 |
| CVE-2026-39530 | CRITICAL | 9.3 | Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions. | Jun 15, 2026 |
| CVE-2026-39527 | MEDIUM | 5.4 | Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions. | Jun 15, 2026 |
| CVE-2026-39525 | MEDIUM | 6.5 | Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions. | Jun 15, 2026 |
| CVE-2026-39524 | HIGH | 7.5 | Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. | Jun 15, 2026 |
| CVE-2026-39519 | CRITICAL | 9.3 | Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. | Jun 15, 2026 |
| CVE-2026-39518 | HIGH | 7.1 | Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. | Jun 15, 2026 |
| CVE-2026-39515 | MEDIUM | 6.5 | Subscriber Broken Access Control in Motors < 1.4.107 versions. | Jun 15, 2026 |
| CVE-2026-39514 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions. | Jun 15, 2026 |
| CVE-2026-39513 | HIGH | 7.5 | Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions. | Jun 15, 2026 |
| CVE-2026-39512 | CRITICAL | 9.3 | Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. | Jun 15, 2026 |
| CVE-2026-39511 | CRITICAL | 9.3 | Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions. | Jun 15, 2026 |
| CVE-2026-39507 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions. | Jun 15, 2026 |
| CVE-2026-39503 | HIGH | 7.5 | Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. | Jun 15, 2026 |