Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,924
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,341 - 4,360 of 37,677 CVEs
CVE-2026-49776 CRITICAL - 9.3

Unauthenticated SQL Injection in GPTranslate โ€“ Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

Vendor: JExtensions Store
Product: GPTranslate โ€“ Multilingual AI Translation for WordPress: Automatically Translate Websites
Published: Jun 15, 2026
Source: NVD
CVE-2026-49775 MEDIUM - 6.5

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

Vendor: info@welcart
Product: Welcart e-Commerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-49773 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

Vendor: FolioVision
Product: FV Flowplayer Video Player
Published: Jun 15, 2026
Source: NVD
CVE-2026-49770 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

Vendor: WP Travel Engine
Product: WP Travel Engine
Published: Jun 15, 2026
Source: NVD
CVE-2026-49769 CRITICAL - 9.8

Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 15, 2026
Source: NVD
CVE-2026-49768 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

Vendor: Happyforms
Product: Happyforms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49766 CRITICAL - 9.9

Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

Vendor: WP User Manager
Product: WP User Manager
Published: Jun 15, 2026
Source: NVD
CVE-2026-49765 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.

Vendor: CRM Perks
Product: Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49764 CRITICAL - 9.8

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

Vendor: Metagauss
Product: RegistrationMagic
Published: Jun 15, 2026
Source: NVD
CVE-2026-49763 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.

Vendor: CRM Perks
Product: Integration for Contact Form 7 HubSpot
Published: Jun 15, 2026
Source: NVD
CVE-2026-49112 HIGH - 7.5

Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

Vendor: Tammersoft
Product: Shared Files
Published: Jun 15, 2026
Source: NVD
CVE-2026-49110 HIGH - 7.5

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

Vendor: WP Swings
Product: Upsell Order Bump Offer for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-49109 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.

Vendor: crm perks
Product: Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49106 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.

Vendor: CRM Perks
Product: Integration for Contact Form 7 and Constant Contact
Published: Jun 15, 2026
Source: NVD
CVE-2026-49105 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Vendor: CRM Perks
Product: WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49104 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.

Vendor: CRM Perks
Product: Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49085 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Vendor: CRM Perks
Product: WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49083 HIGH - 7.5

Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

Vendor: LatePoint
Product: LatePoint
Published: Jun 15, 2026
Source: NVD
CVE-2026-49082 HIGH - 7.4

Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.

Vendor: Chatway Live Chat
Product: Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons
Published: Jun 15, 2026
Source: NVD
CVE-2026-49078 HIGH - 7.5

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

Vendor: WP Travel Engine
Product: WP Travel Engine
Published: Jun 15, 2026
Source: NVD