Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,981 - 2,000 of 40,154 CVEs
CVE-2026-57687 HIGH - 8.5

Contributor SQL Injection in Custom Field Template <= 2.7.8 versions.

Vendor: Hiroaki Miyashita
Product: Custom Field Template
Published: Jul 02, 2026
Source: NVD
CVE-2026-57686 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.

Vendor: WPXPO
Product: WowAddons
Published: Jul 02, 2026
Source: NVD
CVE-2026-57685 MEDIUM - 4.3

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme <= 3.2.8 versions.

Vendor: drfuri
Product: Martfury - WooCommerce Marketplace WordPress Theme
Published: Jul 02, 2026
Source: NVD
CVE-2026-57684 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.

Vendor: tranmautritam
Product: TheFox
Published: Jul 02, 2026
Source: NVD
CVE-2026-57683 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.

Vendor: Epsiloncool
Product: WP Fast Total Search
Published: Jul 02, 2026
Source: NVD
CVE-2026-57682 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions.

Vendor: QuantumCloud
Product: Simple Link Directory
Published: Jul 02, 2026
Source: NVD
CVE-2026-57681 MEDIUM - 6.4

Subscriber Server Side Request Forgery (SSRF) in GeoDirectory <= 2.8.161 versions.

Vendor: Paolo
Product: GeoDirectory
Published: Jul 02, 2026
Source: NVD
CVE-2026-57680 MEDIUM - 6.5

Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions.

Vendor: Themeum
Product: Kirki
Published: Jul 02, 2026
Source: NVD
CVE-2026-57679 CRITICAL - 9.3

Unauthenticated SQL Injection in GeekyBot <= 1.2.5 versions.

Vendor: Ahmadgb
Product: GeekyBot
Published: Jul 02, 2026
Source: NVD
CVE-2026-57678 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16.

Vendor: ThemePunch
Product: Slider Revolution
Published: Jul 02, 2026
Source: NVD
CVE-2026-57677 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions.

Vendor: Novalnet
Product: Novalnet Payment Gateway for WooCommerce
Published: Jul 02, 2026
Source: NVD
CVE-2026-57675 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus <= 9.2.02.004 versions.

Vendor: Jacob N. Breetvelt
Product: WP Photo Album Plus
Published: Jul 02, 2026
Source: NVD
CVE-2026-57674 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Timetics <= 1.0.58 versions.

Vendor: Arraytics
Product: Timetics
Published: Jul 02, 2026
Source: NVD
CVE-2026-57673 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions.

Vendor: Optimole
Product: Optimole
Published: Jul 02, 2026
Source: NVD
CVE-2026-57672 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions.

Vendor: Melograno Venture Studio
Product: wpDataTables
Published: Jul 02, 2026
Source: NVD
CVE-2026-57671 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.4 versions.

Vendor: Perfmatters
Product: perfmatters
Published: Jul 02, 2026
Source: NVD
CVE-2026-57670 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Google Maps CP <= 1.2.5 versions.

Vendor: Codepeople
Product: Google Maps CP
Published: Jul 02, 2026
Source: NVD
CVE-2026-57669 MEDIUM - 6.5

Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions.

Vendor: Vsourz Digital
Product: Advanced Contact form 7 DB
Published: Jul 02, 2026
Source: NVD
CVE-2026-57625 CRITICAL - 9.6

Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.

Vendor: ASE
Product: Admin and Site Enhancements (ASE) Pro
Published: Jul 02, 2026
Source: NVD
CVE-2026-57624 CRITICAL - 10.0

Unauthenticated Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.46 versions.

Vendor: Creative Themes
Product: Blocksy Companion Pro
Published: Jul 02, 2026
Source: NVD