Total CVEs

145,779

Critical Severity

4,273

High Severity

15,744

Last 7 Days

2,233
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 6,101 - 6,120 of 42,184 CVEs
CVE-2026-56042 HIGH - 7.1

Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.

Vendor: Algolplus
Product: Advanced Order Export For WooCommerce
Published: Jun 25, 2026
Source: NVD
CVE-2026-56023 MEDIUM - 5.4

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

Vendor: Knit Pay
Product: UPI QR Code Payment Gateway for WooCommerce
Published: Jun 25, 2026
Source: NVD
CVE-2026-56014 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.

Vendor: Averta
Product: Master Slider
Published: Jun 25, 2026
Source: NVD
CVE-2026-56013 MEDIUM - 6.5

Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.

Vendor: myCred
Product: License Manager for WooCommerce
Published: Jun 25, 2026
Source: NVD
CVE-2026-56006 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.

Vendor: H5P
Product: H5P
Published: Jun 25, 2026
Source: NVD
CVE-2026-56005 HIGH - 7.1

Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.

Vendor: Melapress
Product: WP Activity Log
Published: Jun 25, 2026
Source: NVD
CVE-2026-54849 CRITICAL - 9.3

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.

Vendor: Premmerce
Product: Premmerce Wishlist for WooCommerce
Published: Jun 25, 2026
Source: NVD
CVE-2026-54848 HIGH - 8.3

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.

Vendor: Saad Iqbal
Product: APIExperts Square for WooCommerce
Published: Jun 25, 2026
Source: NVD
CVE-2026-54845 HIGH - 8.1

Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

Vendor: PluginUs.Net
Product: MDTF
Published: Jun 25, 2026
Source: NVD
CVE-2026-54844 HIGH - 7.5

Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.

Vendor: CheckView
Product: CheckView Automated Testing
Published: Jun 25, 2026
Source: NVD
CVE-2026-54843 CRITICAL - 9.3

Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.

Vendor: PluginUs.Net
Product: MDTF
Published: Jun 25, 2026
Source: NVD
CVE-2026-54842 HIGH - 8.1

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.

Vendor: Royal Plugins
Product: Royal MCP
Published: Jun 25, 2026
Source: NVD
CVE-2026-54841 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.

Vendor: Appsbd
Product: Vitepos
Published: Jun 25, 2026
Source: NVD
CVE-2026-54838 HIGH - 8.5

Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.

Vendor: Rymera Web Co
Product: WC Vendors Marketplace
Published: Jun 25, 2026
Source: NVD
CVE-2026-54836 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5.

Vendor: YMC
Product: YMC Filter
Published: Jun 25, 2026
Source: NVD
CVE-2026-54830 HIGH - 7.5

Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

Vendor: Etoile Web Design Incorporated
Product: Five Star Restaurant Reservations
Published: Jun 25, 2026
Source: NVD
CVE-2026-54829 HIGH - 7.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.

Vendor: Jacob N. Breetvelt
Product: WP Photo Album Plus
Published: Jun 25, 2026
Source: NVD
CVE-2026-54828 HIGH - 7.5

Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.

Vendor: StylemixThemes
Product: Motors
Published: Jun 25, 2026
Source: NVD
CVE-2026-54823 CRITICAL - 9.9

Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.

Vendor: MarketingFire
Product: Widget Options
Published: Jun 25, 2026
Source: NVD
CVE-2026-54822 HIGH - 8.5

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

Vendor: SALESmanago
Product: SALESmanago & Leadoo
Published: Jun 25, 2026
Source: NVD