Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21910
Total
1562
Critical
6654
High
7007
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34901 | CRITICAL | 9.8 | Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. | Jun 15, 2026 |
| CVE-2026-34900 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions. | Jun 15, 2026 |
| CVE-2026-34898 | HIGH | 7.5 | Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions. | Jun 15, 2026 |
| CVE-2026-34892 | MEDIUM | 6.5 | Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions. | Jun 15, 2026 |
| CVE-2026-34891 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions. | Jun 15, 2026 |
| CVE-2026-34886 | HIGH | 7.5 | Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. | Jun 15, 2026 |
| CVE-2026-27407 | HIGH | 7.2 | Editor Privilege Escalation in AI Engine <= 3.4.9 versions. | Jun 15, 2026 |
| CVE-2026-27333 | HIGH | 8.1 | Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions. | Jun 15, 2026 |
| CVE-2026-27089 | HIGH | 7.5 | Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions. | Jun 15, 2026 |
| CVE-2026-27053 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. | Jun 15, 2026 |
| CVE-2026-25440 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions. | Jun 15, 2026 |
| CVE-2026-25425 | HIGH | 7.5 | Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. | Jun 15, 2026 |
| CVE-2026-24637 | HIGH | 8.5 | Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions. | Jun 15, 2026 |
| CVE-2026-23970 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions. | Jun 15, 2026 |
| CVE-2025-69332 | MEDIUM | 6.5 | Subscriber Broken Access Control in Bookify <= 1.1.1 versions. | Jun 15, 2026 |
| CVE-2025-68872 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions. | Jun 15, 2026 |
| CVE-2025-68851 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions. | Jun 15, 2026 |
| CVE-2025-68840 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions. | Jun 15, 2026 |
| CVE-2025-68049 | MEDIUM | 6.3 | Subscriber Broken Access Control in bunny.net <= 2.3.6 versions. | Jun 15, 2026 |
| CVE-2025-60175 | MEDIUM | 4.4 | Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions. | Jun 15, 2026 |
| CVE-2025-59133 | HIGH | 7.5 | Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions. | Jun 15, 2026 |
| CVE-2026-54444 | UNKNOWN | — | Rejected reason: ]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49489. Reason: This candidate is a duplicate of CVE-2026-49489. Notes: All CVE users … | Jun 15, 2026 |
| CVE-2026-54296 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12075. Reason: This candidate is a duplicate of CVE-2026-12075. Notes: All CVE users … | Jun 15, 2026 |
| CVE-2026-54295 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12061. Reason: This candidate is a duplicate of CVE-2026-12061. Notes: All CVE users … | Jun 15, 2026 |
| CVE-2026-54294 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12072. Reason: This candidate is a duplicate of CVE-2026-12072. Notes: All CVE users … | Jun 15, 2026 |