Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20679
Total
1492
Critical
6280
High
6554
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-57652 | MEDIUM | 5.3 | Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions. | Jun 26, 2026 |
| CVE-2026-57651 | MEDIUM | 6.5 | Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. | Jun 26, 2026 |
| CVE-2026-57650 | MEDIUM | 6.5 | Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions. | Jun 26, 2026 |
| CVE-2026-57649 | MEDIUM | 4.3 | Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. | Jun 26, 2026 |
| CVE-2026-57648 | MEDIUM | 4.3 | Contributor Broken Access Control in Nelio Content <= 4.3.4 versions. | Jun 26, 2026 |
| CVE-2026-57647 | HIGH | 7.5 | Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. | Jun 26, 2026 |
| CVE-2026-57646 | MEDIUM | 5.4 | Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. | Jun 26, 2026 |
| CVE-2026-57645 | HIGH | 8.1 | newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. | Jun 26, 2026 |
| CVE-2026-57644 | HIGH | 8.5 | Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. | Jun 26, 2026 |
| CVE-2026-57643 | HIGH | 8.5 | Contributor SQL Injection in WP Post Author <= 3.9.1 versions. | Jun 26, 2026 |
| CVE-2026-57642 | HIGH | 8.5 | Contributor SQL Injection in Gallery <= 4.7.8 versions. | Jun 26, 2026 |
| CVE-2026-57641 | MEDIUM | 6.5 | Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. | Jun 26, 2026 |
| CVE-2026-57640 | MEDIUM | 4.3 | Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. | Jun 26, 2026 |
| CVE-2026-57638 | MEDIUM | 6.5 | Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. | Jun 26, 2026 |
| CVE-2026-57637 | MEDIUM | 4.3 | Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions. | Jun 26, 2026 |
| CVE-2026-57636 | HIGH | 8.5 | Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. | Jun 26, 2026 |
| CVE-2026-57635 | MEDIUM | 6.5 | Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions. | Jun 26, 2026 |
| CVE-2026-57634 | MEDIUM | 4.3 | Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions. | Jun 26, 2026 |
| CVE-2026-57633 | MEDIUM | 5.3 | Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare <= 1.1.0 versions. | Jun 26, 2026 |
| CVE-2026-57632 | MEDIUM | 5.4 | Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. | Jun 26, 2026 |
| CVE-2026-57631 | HIGH | 7.6 | Administrator SQL Injection in Popup box <= 6.0.1 versions. | Jun 26, 2026 |
| CVE-2026-57630 | MEDIUM | 5.3 | Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. | Jun 26, 2026 |
| CVE-2026-57629 | MEDIUM | 6.5 | Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions. | Jun 26, 2026 |
| CVE-2026-57628 | HIGH | 7.6 | Administrator SQL Injection in WP All Import <= 4.0.1 versions. | Jun 26, 2026 |
| CVE-2026-57627 | MEDIUM | 4.9 | Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. | Jun 26, 2026 |