Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20679
Total
1492
Critical
6280
High
6554
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56031 | HIGH | 8.1 | Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions. | Jun 26, 2026 |
| CVE-2026-56030 | CRITICAL | 9.8 | Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. | Jun 26, 2026 |
| CVE-2026-56029 | HIGH | 7.5 | Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions. | Jun 26, 2026 |
| CVE-2026-56028 | CRITICAL | 9.8 | Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 versions. | Jun 26, 2026 |
| CVE-2026-56027 | CRITICAL | 9.9 | Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions. | Jun 26, 2026 |
| CVE-2026-56026 | MEDIUM | 6.4 | Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions. | Jun 26, 2026 |
| CVE-2026-56025 | HIGH | 7.5 | Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions. | Jun 26, 2026 |
| CVE-2026-56011 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions. | Jun 26, 2026 |
| CVE-2026-56010 | HIGH | 8.8 | Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. | Jun 26, 2026 |
| CVE-2026-56008 | HIGH | 8.8 | Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions. | Jun 26, 2026 |
| CVE-2026-54847 | HIGH | 7.5 | Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions. | Jun 26, 2026 |
| CVE-2026-54846 | HIGH | 7.5 | Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions. | Jun 26, 2026 |
| CVE-2026-54840 | HIGH | 7.3 | Unauthenticated Broken Access Control in Newsletters <= 4.13 versions. | Jun 26, 2026 |
| CVE-2026-54839 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions. | Jun 26, 2026 |
| CVE-2026-54837 | HIGH | 7.5 | Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions. | Jun 26, 2026 |
| CVE-2026-54835 | HIGH | 7.5 | Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions. | Jun 26, 2026 |
| CVE-2026-54834 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions. | Jun 26, 2026 |
| CVE-2026-54833 | HIGH | 7.4 | Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions. | Jun 26, 2026 |
| CVE-2026-54832 | HIGH | 7.5 | Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions. | Jun 26, 2026 |
| CVE-2026-54831 | CRITICAL | 9.3 | Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions. | Jun 26, 2026 |
| CVE-2026-54827 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions. | Jun 26, 2026 |
| CVE-2026-54826 | HIGH | 7.6 | Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions. | Jun 26, 2026 |
| CVE-2026-54825 | CRITICAL | 9.3 | Unauthenticated SQL Injection in wpDataTables <= 7.4 versions. | Jun 26, 2026 |
| CVE-2026-54824 | HIGH | 7.5 | Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions. | Jun 26, 2026 |
| CVE-2026-54820 | CRITICAL | 9.3 | Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions. | Jun 26, 2026 |