Total CVEs

137,287

Critical Severity

3,310

High Severity

12,270

Last 7 Days

1,306
Quick preset (or use dates below)
Clear Filters
Showing 41 - 60 of 3,310 CVEs
CVE-2026-49085 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Vendor: CRM Perks
Product: WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49067 CRITICAL - 9.3

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.

Vendor: yydevelopment
Product: Advanced 301 and 302 Redirect
Published: Jun 15, 2026
Source: NVD
CVE-2026-48886 CRITICAL - 9.3

Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.

Vendor: Ahmad
Product: JS Help Desk
Published: Jun 15, 2026
Source: NVD
CVE-2026-48881 CRITICAL - 9.1

Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.

Vendor: themetechmount
Product: TrueBooker
Published: Jun 15, 2026
Source: NVD
CVE-2026-48836 CRITICAL - 10.0

Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.

Vendor: MantraBrain
Product: Easy Invoice
Published: Jun 15, 2026
Source: NVD
CVE-2026-45439 CRITICAL - 9.3

Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.

Vendor: Realtyna
Product: Realtyna Organic IDX plugin
Published: Jun 15, 2026
Source: NVD
CVE-2026-42665 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.

Vendor: Passionate Programmer Peter
Product: WP Data Access
Published: Jun 15, 2026
Source: NVD
CVE-2026-42639 CRITICAL - 9.3

Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.

Vendor: Dev4Press
Product: GD Rating System
Published: Jun 15, 2026
Source: NVD
CVE-2026-42386 CRITICAL - 9.3

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.

Vendor: tychesoftwares
Product: Order Delivery Date for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-42381 CRITICAL - 9.3

Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.

Vendor: FunnelKit
Product: Funnel Builder by FunnelKit
Published: Jun 15, 2026
Source: NVD
CVE-2026-40798 CRITICAL - 9.3

Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 15, 2026
Source: NVD
CVE-2026-40772 CRITICAL - 10.0

Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.

Vendor: Ahmad
Product: GeekyBot
Published: Jun 15, 2026
Source: NVD
CVE-2026-40771 CRITICAL - 9.3

Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.

Vendor: Wasiliy Strecker
Product: Contest Gallery
Published: Jun 15, 2026
Source: NVD
CVE-2026-39591 CRITICAL - 9.9

Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.

Vendor: CMSJunkie โ€“ WordPress Business Directory Plugins
Product: WP-BusinessDirectory
Published: Jun 15, 2026
Source: NVD
CVE-2026-39583 CRITICAL - 9.8

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.

Vendor: Datalogics
Product: Datalogics Ecommerce Delivery
Published: Jun 15, 2026
Source: NVD
CVE-2026-39530 CRITICAL - 9.3

Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.

Vendor: SpeakOut!
Product: SpeakOut! Email Petitions
Published: Jun 15, 2026
Source: NVD
CVE-2026-39519 CRITICAL - 9.3

Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.

Vendor: Ahmad
Product: GeekyBot
Published: Jun 15, 2026
Source: NVD
CVE-2026-39512 CRITICAL - 9.3

Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.

Vendor: Paolo
Product: GeoDirectory
Published: Jun 15, 2026
Source: NVD
CVE-2026-39511 CRITICAL - 9.3

Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.

Vendor: Jacob N. Breetvelt
Product: WP Photo Album Plus
Published: Jun 15, 2026
Source: NVD
CVE-2026-39502 CRITICAL - 9.3

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.

Vendor: 10Web
Product: Form Maker by 10Web
Published: Jun 15, 2026
Source: NVD