Total CVEs

138,463

Critical Severity

3,569

High Severity

12,815

Last 7 Days

1,994
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,521 - 1,540 of 34,868 CVEs
CVE-2026-52703 CRITICAL - 9.6

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

Vendor: Ninja Team
Product: FastDup
Published: Jun 15, 2026
Source: NVD
CVE-2026-52702 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

Vendor: wp-buy
Product: SEO Redirection
Published: Jun 15, 2026
Source: NVD
CVE-2026-52700 HIGH - 8.5

Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

Vendor: WcMultishipping โ€“ Mondial Relay & Chronopost for Wooommerce
Product: WCMultiShipping
Published: Jun 15, 2026
Source: NVD
CVE-2026-52699 HIGH - 7.5

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

Vendor: e4jvikwp
Product: VikRentCar
Published: Jun 15, 2026
Source: NVD
CVE-2026-52697 HIGH - 8.5

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Vendor: Taskbuilder
Product: Taskbuilder
Published: Jun 15, 2026
Source: NVD
CVE-2026-52695 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

Vendor: Al Monsor
Product: ABC Crypto Checkout
Published: Jun 15, 2026
Source: NVD
CVE-2026-52694 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

Vendor: WP E-Signature
Product: Signature Add-On for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-52693 CRITICAL - 9.3

Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

Vendor: impleCode
Product: eCommerce Product Catalog
Published: Jun 15, 2026
Source: NVD
CVE-2026-52692 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

Vendor: wp.insider
Product: Affiliates Manager
Published: Jun 15, 2026
Source: NVD
CVE-2026-49781 CRITICAL - 9.8

Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.

Vendor: Brainstorm Force
Product: OttoKit
Published: Jun 15, 2026
Source: NVD
CVE-2026-49780 HIGH - 8.8

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Vendor: Dokan, Inc.
Product: Dokan
Published: Jun 15, 2026
Source: NVD
CVE-2026-49776 CRITICAL - 9.3

Unauthenticated SQL Injection in GPTranslate โ€“ Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

Vendor: JExtensions Store
Product: GPTranslate โ€“ Multilingual AI Translation for WordPress: Automatically Translate Websites
Published: Jun 15, 2026
Source: NVD
CVE-2026-49775 MEDIUM - 6.5

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

Vendor: info@welcart
Product: Welcart e-Commerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-49773 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

Vendor: FolioVision
Product: FV Flowplayer Video Player
Published: Jun 15, 2026
Source: NVD
CVE-2026-49770 CRITICAL - 9.8

Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

Vendor: WP Travel Engine
Product: WP Travel Engine
Published: Jun 15, 2026
Source: NVD
CVE-2026-49769 CRITICAL - 9.8

Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 15, 2026
Source: NVD
CVE-2026-49768 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

Vendor: Happyforms
Product: Happyforms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49766 CRITICAL - 9.9

Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

Vendor: WP User Manager
Product: WP User Manager
Published: Jun 15, 2026
Source: NVD
CVE-2026-49765 CRITICAL - 9.8

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.

Vendor: CRM Perks
Product: Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms
Published: Jun 15, 2026
Source: NVD
CVE-2026-49764 CRITICAL - 9.8

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

Vendor: Metagauss
Product: RegistrationMagic
Published: Jun 15, 2026
Source: NVD