Total CVEs

137,266

Critical Severity

3,307

High Severity

12,261

Last 7 Days

1,364
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 161 - 180 of 11,958 CVEs
CVE-2026-40767 HIGH - 7.5

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Vendor: Tomdever
Product: wpForo Forum
Published: Jun 15, 2026
Source: NVD
CVE-2026-40766 HIGH - 8.5

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

Vendor: StylemixThemes
Product: MasterStudy LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-40762 HIGH - 7.5

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

Vendor: WPGraphQL
Product: WPGraphQL
Published: Jun 15, 2026
Source: NVD
CVE-2026-40741 HIGH - 7.5

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Vendor: Jose Conti
Product: Redsys for WooCommerce Light
Published: Jun 15, 2026
Source: NVD
CVE-2026-40732 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Vendor: rainafarai
Product: Notification for Telegram
Published: Jun 15, 2026
Source: NVD
CVE-2026-40727 HIGH - 7.7

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Vendor: Groundhogg
Product: Groundhogg
Published: Jun 15, 2026
Source: NVD
CVE-2026-39587 HIGH - 8.1

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

Vendor: Hakan Ozevin
Product: WP BASE Booking
Published: Jun 15, 2026
Source: NVD
CVE-2026-39579 HIGH - 8.8

Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.

Vendor: bPlugins
Product: B Blocks
Published: Jun 15, 2026
Source: NVD
CVE-2026-39534 HIGH - 7.5

Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.

Vendor: Wp Directory Kit
Product: WP Directory Kit
Published: Jun 15, 2026
Source: NVD
CVE-2026-39533 HIGH - 7.5

Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.

Vendor: WPTasty
Product: AWP Classifieds
Published: Jun 15, 2026
Source: NVD
CVE-2026-39532 HIGH - 8.8

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.

Vendor: Stiofan
Product: Events Calendar for GeoDirectory
Published: Jun 15, 2026
Source: NVD
CVE-2026-39524 HIGH - 7.5

Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.

Vendor: ThemeGrill
Product: Masteriyo - LMS
Published: Jun 15, 2026
Source: NVD
CVE-2026-39518 HIGH - 7.1

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 15, 2026
Source: NVD
CVE-2026-39514 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.

Vendor: Cozmoslabs
Product: Paid Member Subscriptions
Published: Jun 15, 2026
Source: NVD
CVE-2026-39513 HIGH - 7.5

Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.

Vendor: Easy Appointments
Product: Easy Appointments
Published: Jun 15, 2026
Source: NVD
CVE-2026-39507 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.

Vendor: Themeisle
Product: Social Slider Feed
Published: Jun 15, 2026
Source: NVD
CVE-2026-39503 HIGH - 7.5

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.

Vendor: Awesomemotive
Product: Easy Digital Downloads
Published: Jun 15, 2026
Source: NVD
CVE-2026-39499 HIGH - 7.2

Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.

Vendor: Wombat Plugins
Product: Advanced Product Fields (Product Addons) for WooCommerce
Published: Jun 15, 2026
Source: NVD
CVE-2026-39498 HIGH - 7.2

Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.

Vendor: Yeeaddons
Product: YayMail
Published: Jun 15, 2026
Source: NVD
CVE-2026-39481 HIGH - 7.2

Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.

Vendor: WP Chill
Product: Modula Image Gallery
Published: Jun 15, 2026
Source: NVD