Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21910
Total
1562
Critical
6654
High
7007
Medium
CVE ID Severity Score Description Published
CVE-2026-34901 CRITICAL 9.8 Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions. Jun 15, 2026
CVE-2026-34900 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions. Jun 15, 2026
CVE-2026-34898 HIGH 7.5 Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions. Jun 15, 2026
CVE-2026-34892 MEDIUM 6.5 Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions. Jun 15, 2026
CVE-2026-34891 HIGH 7.5 Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions. Jun 15, 2026
CVE-2026-34886 HIGH 7.5 Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. Jun 15, 2026
CVE-2026-27407 HIGH 7.2 Editor Privilege Escalation in AI Engine <= 3.4.9 versions. Jun 15, 2026
CVE-2026-27333 HIGH 8.1 Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions. Jun 15, 2026
CVE-2026-27089 HIGH 7.5 Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions. Jun 15, 2026
CVE-2026-27053 CRITICAL 9.8 Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. Jun 15, 2026
CVE-2026-25440 MEDIUM 5.3 Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions. Jun 15, 2026
CVE-2026-25425 HIGH 7.5 Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. Jun 15, 2026
CVE-2026-24637 HIGH 8.5 Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions. Jun 15, 2026
CVE-2026-23970 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions. Jun 15, 2026
CVE-2025-69332 MEDIUM 6.5 Subscriber Broken Access Control in Bookify <= 1.1.1 versions. Jun 15, 2026
CVE-2025-68872 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Eli&#039;s WordCents adSense Widget with Analytics <= 1.3.03.27 versions. Jun 15, 2026
CVE-2025-68851 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions. Jun 15, 2026
CVE-2025-68840 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions. Jun 15, 2026
CVE-2025-68049 MEDIUM 6.3 Subscriber Broken Access Control in bunny.net <= 2.3.6 versions. Jun 15, 2026
CVE-2025-60175 MEDIUM 4.4 Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions. Jun 15, 2026
CVE-2025-59133 HIGH 7.5 Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions. Jun 15, 2026
CVE-2026-54444 UNKNOWN Rejected reason: ]** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49489. Reason: This candidate is a duplicate of CVE-2026-49489. Notes: All CVE users … Jun 15, 2026
CVE-2026-54296 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12075. Reason: This candidate is a duplicate of CVE-2026-12075. Notes: All CVE users … Jun 15, 2026
CVE-2026-54295 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12061. Reason: This candidate is a duplicate of CVE-2026-12061. Notes: All CVE users … Jun 15, 2026
CVE-2026-54294 UNKNOWN Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-12072. Reason: This candidate is a duplicate of CVE-2026-12072. Notes: All CVE users … Jun 15, 2026