Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20679
Total
1492
Critical
6280
High
6554
Medium
CVE ID Severity Score Description Published
CVE-2026-57652 MEDIUM 5.3 Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions. Jun 26, 2026
CVE-2026-57651 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions. Jun 26, 2026
CVE-2026-57650 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions. Jun 26, 2026
CVE-2026-57649 MEDIUM 4.3 Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions. Jun 26, 2026
CVE-2026-57648 MEDIUM 4.3 Contributor Broken Access Control in Nelio Content <= 4.3.4 versions. Jun 26, 2026
CVE-2026-57647 HIGH 7.5 Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions. Jun 26, 2026
CVE-2026-57646 MEDIUM 5.4 Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions. Jun 26, 2026
CVE-2026-57645 HIGH 8.1 newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions. Jun 26, 2026
CVE-2026-57644 HIGH 8.5 Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions. Jun 26, 2026
CVE-2026-57643 HIGH 8.5 Contributor SQL Injection in WP Post Author <= 3.9.1 versions. Jun 26, 2026
CVE-2026-57642 HIGH 8.5 Contributor SQL Injection in Gallery <= 4.7.8 versions. Jun 26, 2026
CVE-2026-57641 MEDIUM 6.5 Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions. Jun 26, 2026
CVE-2026-57640 MEDIUM 4.3 Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions. Jun 26, 2026
CVE-2026-57638 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions. Jun 26, 2026
CVE-2026-57637 MEDIUM 4.3 Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions. Jun 26, 2026
CVE-2026-57636 HIGH 8.5 Contributor SQL Injection in wpForo Forum <= 3.0.9 versions. Jun 26, 2026
CVE-2026-57635 MEDIUM 6.5 Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions. Jun 26, 2026
CVE-2026-57634 MEDIUM 4.3 Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions. Jun 26, 2026
CVE-2026-57633 MEDIUM 5.3 Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions. Jun 26, 2026
CVE-2026-57632 MEDIUM 5.4 Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions. Jun 26, 2026
CVE-2026-57631 HIGH 7.6 Administrator SQL Injection in Popup box <= 6.0.1 versions. Jun 26, 2026
CVE-2026-57630 MEDIUM 5.3 Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions. Jun 26, 2026
CVE-2026-57629 MEDIUM 6.5 Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions. Jun 26, 2026
CVE-2026-57628 HIGH 7.6 Administrator SQL Injection in WP All Import <= 4.0.1 versions. Jun 26, 2026
CVE-2026-57627 MEDIUM 4.9 Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. Jun 26, 2026