Browse CVEs | Page 4 - CVEInfo.com

Total CVEs

136,968

Critical Severity

3,261

High Severity

12,143

Last 7 Days

1,836

Clear Filters

📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →

Showing 61 - 80 of 33,373 CVEs

CVE-2026-49065 HIGH - 8.2

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.

Vendor: hippooo

Product: Hippoo Mobile App for WooCommerce

Published: Jun 15, 2026

Source: NVD

CVE-2026-49063 HIGH - 7.3

Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.

Vendor: Webilia Inc.

Product: Listdom

Published: Jun 15, 2026

Source: NVD

CVE-2026-49061 HIGH - 7.5

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

Vendor: WPClever

Product: WPC Product Options for WooCommerce

Published: Jun 15, 2026

Source: NVD

CVE-2026-49056 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.

Vendor: WebToffee

Product: WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels

Published: Jun 15, 2026

Source: NVD

CVE-2026-49055 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

Vendor: Glen Don Mongaya

Product: Drag and Drop Multiple File Upload – Contact Form 7

Published: Jun 15, 2026

Source: NVD

CVE-2026-49043 MEDIUM - 4.7

Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.

Vendor: WP Engine

Product: WP Migrate Lite

Published: Jun 15, 2026

Source: NVD

CVE-2026-48970 HIGH - 8.1

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Vendor: Really Simple Plugins

Product: Really Simple SSL

Published: Jun 15, 2026

Source: NVD

CVE-2026-48966 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

Vendor: FunnelKit

Product: Funnel Builder by FunnelKit

Published: Jun 15, 2026

Source: NVD

CVE-2026-48965 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.

Vendor: watchful

Product: XCloner

Published: Jun 15, 2026

Source: NVD

CVE-2026-48964 HIGH - 8.5

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Vendor: ELEXtensions

Product: ELEX WordPress HelpDesk & Customer Ticketing System

Published: Jun 15, 2026

Source: NVD

CVE-2026-48889 HIGH - 8.8

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Vendor: TMS

Product: Amelia

Published: Jun 15, 2026

Source: NVD

CVE-2026-48887 MEDIUM - 6.5

Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.

Vendor: Ahmad

Product: JS Help Desk

Published: Jun 15, 2026

Source: NVD

CVE-2026-48886 CRITICAL - 9.3

Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.

Vendor: Ahmad

Product: JS Help Desk

Published: Jun 15, 2026

Source: NVD

CVE-2026-48885 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

Vendor: Groundhogg

Product: HollerBox

Published: Jun 15, 2026

Source: NVD

CVE-2026-48883 HIGH - 7.5

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

Vendor: WPClever

Product: WPC Product Bundles for WooCommerce

Published: Jun 15, 2026

Source: NVD

CVE-2026-48882 HIGH - 8.5

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Vendor: codepeople

Product: WP Time Slots Booking Form

Published: Jun 15, 2026

Source: NVD

CVE-2026-48881 CRITICAL - 9.1

Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.

Vendor: themetechmount

Product: TrueBooker

Published: Jun 15, 2026

Source: NVD

CVE-2026-48880 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.

Vendor: Ahmad

Product: WP Job Portal

Published: Jun 15, 2026

Source: NVD

CVE-2026-48878 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.

Vendor: Bootstrapped Ventures

Product: Visual Link Preview

Published: Jun 15, 2026

Source: NVD

CVE-2026-48876 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Vendor: Web Guy

Product: Stop Spammers

Published: Jun 15, 2026

Source: NVD

« Previous 2 3 4 5 6 Next »