Total CVEs

140,284

Critical Severity

3,711

High Severity

13,344

Last 7 Days

1,821
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 201 - 220 of 36,689 CVEs
CVE-2026-57656 MEDIUM - 5.9

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

Vendor: peregrinethemes
Product: Hester Core
Published: Jun 26, 2026
Source: NVD
CVE-2026-57655 HIGH - 8.2

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

Vendor: Jay Versluis
Product: Child Theme Wizard
Published: Jun 26, 2026
Source: NVD
CVE-2026-57654 MEDIUM - 6.5

Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

Vendor: wp.insider
Product: Affiliates Manager
Published: Jun 26, 2026
Source: NVD
CVE-2026-57653 HIGH - 8.5

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.

Vendor: wpjobportal
Product: WP Job Portal
Published: Jun 26, 2026
Source: NVD
CVE-2026-57652 MEDIUM - 5.3

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.

Vendor: JoomSky
Product: JS Help Desk
Published: Jun 26, 2026
Source: NVD
CVE-2026-57651 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.

Vendor: nK
Product: Ghost Kit
Published: Jun 26, 2026
Source: NVD
CVE-2026-57650 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.

Vendor: BlockArt
Product: Magazine Blocks
Published: Jun 26, 2026
Source: NVD
CVE-2026-57649 MEDIUM - 4.3

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.

Vendor: studiowombat
Product: Shoppable Images Lite
Published: Jun 26, 2026
Source: NVD
CVE-2026-57648 MEDIUM - 4.3

Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.

Vendor: Nelio Software
Product: Nelio Content
Published: Jun 26, 2026
Source: NVD
CVE-2026-57647 HIGH - 7.5

Contributor Local File Inclusion in Panorama Viewer โ€“ 360 Degree Image + Video Viewer <= 1.6.1 versions.

Vendor: bPlugins
Product: Panorama Viewer โ€“ 360 Degree Image + Video Viewer
Published: Jun 26, 2026
Source: NVD
CVE-2026-57646 MEDIUM - 5.4

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.

Vendor: Majestic Support
Product: Majestic Support
Published: Jun 26, 2026
Source: NVD
CVE-2026-57645 HIGH - 8.1

newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.

Vendor: Tribulant Software
Product: Newsletters
Published: Jun 26, 2026
Source: NVD
CVE-2026-57644 HIGH - 8.5

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

Vendor: jetmonsters
Product: Restaurant Menu by MotoPress
Published: Jun 26, 2026
Source: NVD
CVE-2026-57643 HIGH - 8.5

Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

Vendor: AF themes
Product: WP Post Author
Published: Jun 26, 2026
Source: NVD
CVE-2026-57642 HIGH - 8.5

Contributor SQL Injection in Gallery <= 4.7.8 versions.

Vendor: bestwebsoft
Product: Gallery
Published: Jun 26, 2026
Source: NVD
CVE-2026-57641 MEDIUM - 6.5

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.

Vendor: Contempoinc
Product: Real Estate 7
Published: Jun 26, 2026
Source: NVD
CVE-2026-57640 MEDIUM - 4.3

Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

Vendor: Stylemix
Product: MasterStudy LMS
Published: Jun 26, 2026
Source: NVD
CVE-2026-57638 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

Vendor: WPManageNinja LLC
Product: Fluent Booking
Published: Jun 26, 2026
Source: NVD
CVE-2026-57637 MEDIUM - 4.3

Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions.

Vendor: tychesoftwares
Product: Abandoned Cart Lite for WooCommerce
Published: Jun 26, 2026
Source: NVD
CVE-2026-57636 HIGH - 8.5

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 26, 2026
Source: NVD