Total CVEs

138,463

Critical Severity

3,569

High Severity

12,815

Last 7 Days

1,987
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,561 - 1,580 of 34,868 CVEs
CVE-2026-49043 MEDIUM - 4.7

Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.

Vendor: WP Engine
Product: WP Migrate Lite
Published: Jun 15, 2026
Source: NVD
CVE-2026-48970 HIGH - 8.1

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Vendor: Really Simple Plugins
Product: Really Simple SSL
Published: Jun 15, 2026
Source: NVD
CVE-2026-48966 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

Vendor: FunnelKit
Product: Funnel Builder by FunnelKit
Published: Jun 15, 2026
Source: NVD
CVE-2026-48965 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.

Vendor: watchful
Product: XCloner
Published: Jun 15, 2026
Source: NVD
CVE-2026-48964 HIGH - 8.5

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Vendor: ELEXtensions
Product: ELEX WordPress HelpDesk & Customer Ticketing System
Published: Jun 15, 2026
Source: NVD
CVE-2026-48889 HIGH - 8.8

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Vendor: TMS
Product: Amelia
Published: Jun 15, 2026
Source: NVD
CVE-2026-48887 MEDIUM - 6.5

Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.

Vendor: Ahmad
Product: JS Help Desk
Published: Jun 15, 2026
Source: NVD
CVE-2026-48886 CRITICAL - 9.3

Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.

Vendor: Ahmad
Product: JS Help Desk
Published: Jun 15, 2026
Source: NVD
CVE-2026-48885 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

Vendor: Groundhogg
Product: HollerBox
Published: Jun 15, 2026
Source: NVD
CVE-2026-48883 HIGH - 7.5

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

Vendor: WPClever
Product: WPC Product Bundles for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-48882 HIGH - 8.5

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Vendor: codepeople
Product: WP Time Slots Booking Form
Published: Jun 15, 2026
Source: NVD
CVE-2026-48881 CRITICAL - 9.1

Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.

Vendor: themetechmount
Product: TrueBooker
Published: Jun 15, 2026
Source: NVD
CVE-2026-48880 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.

Vendor: Ahmad
Product: WP Job Portal
Published: Jun 15, 2026
Source: NVD
CVE-2026-48878 MEDIUM - 6.5

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.

Vendor: Bootstrapped Ventures
Product: Visual Link Preview
Published: Jun 15, 2026
Source: NVD
CVE-2026-48876 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Vendor: Web Guy
Product: Stop Spammers
Published: Jun 15, 2026
Source: NVD
CVE-2026-48874 HIGH - 8.5

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Vendor: Ruben Garcia
Product: GamiPress
Published: Jun 15, 2026
Source: NVD
CVE-2026-48873 HIGH - 7.5

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Vendor: Montonio
Product: Montonio for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-48872 HIGH - 7.5

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

Vendor: WPDeveloper
Product: EmbedPress
Published: Jun 15, 2026
Source: NVD
CVE-2026-48871 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Vendor: Takashi Kitajima
Product: MW WP Form
Published: Jun 15, 2026
Source: NVD
CVE-2026-48870 MEDIUM - 6.5

Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.

Vendor: King Addons
Product: King Addons for Elementor
Published: Jun 15, 2026
Source: NVD