CVE Database

108577+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-42662
6.5 MEDIUM

Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.

Jun 15, 2026
CVE-2026-42661
8.8 HIGH

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.

Jun 15, 2026
CVE-2026-42660
6.5 MEDIUM

Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.

Jun 15, 2026
CVE-2026-42659
6.5 MEDIUM

Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.

Jun 15, 2026
CVE-2026-42658
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.

Jun 15, 2026
CVE-2026-42657
5.3 MEDIUM

Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.

Jun 15, 2026
CVE-2026-42656
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.

Jun 15, 2026
CVE-2026-42655
5.9 MEDIUM

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.

Jun 15, 2026
CVE-2026-42651
6.3 MEDIUM

Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.

Jun 15, 2026
CVE-2026-42650
7.2 HIGH

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.

Jun 15, 2026
CVE-2026-42649
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.

Jun 15, 2026
CVE-2026-42640
6.5 MEDIUM

Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.

Jun 15, 2026
CVE-2026-42639
9.3 CRITICAL

Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.

Jun 15, 2026
CVE-2026-42411
8.1 HIGH

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.

Jun 15, 2026
CVE-2026-42386
9.3 CRITICAL

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.

Jun 15, 2026
CVE-2026-42384
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

Jun 15, 2026
CVE-2026-42381
9.3 CRITICAL

Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.

Jun 15, 2026
CVE-2026-42378
6.5 MEDIUM

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

Jun 15, 2026
CVE-2026-41556
6.5 MEDIUM

Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.

Jun 15, 2026
CVE-2026-40799
5.3 MEDIUM

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.

Jun 15, 2026
CVE-2026-40798
9.3 CRITICAL

Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.

Jun 15, 2026
CVE-2026-40796
6.5 MEDIUM

Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.

Jun 15, 2026
CVE-2026-40795
6.5 MEDIUM

Subscriber Broken Access Control in Amelia <= 2.2 versions.

Jun 15, 2026
CVE-2026-40794
6.5 MEDIUM

Subscriber Broken Access Control in myCred <= 3.0.3 versions.

Jun 15, 2026
CVE-2026-40793
6.5 MEDIUM

Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.

Jun 15, 2026
CVE-2026-40792
6.3 MEDIUM

Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.

Jun 15, 2026
CVE-2026-40791
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.

Jun 15, 2026
CVE-2026-40790
6.5 MEDIUM

Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.

Jun 15, 2026
CVE-2026-40789
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.

Jun 15, 2026
CVE-2026-40788
7.1 HIGH

Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.

Jun 15, 2026
CVE-2026-40787
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.

Jun 15, 2026
CVE-2026-40785
7.1 HIGH

Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.

Jun 15, 2026
CVE-2026-40782
6.5 MEDIUM

Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.

Jun 15, 2026
CVE-2026-40781
7.5 HIGH

Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.

Jun 15, 2026
CVE-2026-40779
7.7 HIGH

Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.

Jun 15, 2026
CVE-2026-40776
7.5 HIGH

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.

Jun 15, 2026
CVE-2026-40775
7.3 HIGH

Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.

Jun 15, 2026
CVE-2026-40774
7.5 HIGH

Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.

Jun 15, 2026
CVE-2026-40773
6.5 MEDIUM

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.

Jun 15, 2026
CVE-2026-40772
10.0 CRITICAL

Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.

Jun 15, 2026
CVE-2026-40771
9.3 CRITICAL

Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.

Jun 15, 2026
CVE-2026-40770
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.

Jun 15, 2026
CVE-2026-40769
8.6 HIGH

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi &#8211; Save Entries, File Upload &amp; Country Code Field <= 1.0.6 versions.

Jun 15, 2026
CVE-2026-40767
7.5 HIGH

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Jun 15, 2026
CVE-2026-40766
8.5 HIGH

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

Jun 15, 2026
CVE-2026-40762
7.5 HIGH

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

Jun 15, 2026
CVE-2026-40743
6.5 MEDIUM

Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

Jun 15, 2026
CVE-2026-40741
7.5 HIGH

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Jun 15, 2026
CVE-2026-40732
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Jun 15, 2026
CVE-2026-40727
7.7 HIGH

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Jun 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.