CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-39437
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.

Jun 16, 2026
CVE-2025-68045
7.5 HIGH

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.

Jun 16, 2026
CVE-2026-8444
8.8 HIGH

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up …

Jun 16, 2026
CVE-2026-8443
8.8 HIGH

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in …

Jun 16, 2026
CVE-2026-6933
8.8 HIGH

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is …

Jun 16, 2026
CVE-2026-7273
8.8 HIGH

A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the …

Jun 16, 2026
CVE-2026-12161
8.8 HIGH

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify …

Jun 16, 2026
CVE-2026-48723
7.8 HIGH

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via …

Jun 15, 2026
CVE-2026-48017
8.8 HIGH

DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into …

Jun 15, 2026
CVE-2026-52702
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

Jun 15, 2026
CVE-2026-52700
8.5 HIGH

Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

Jun 15, 2026
CVE-2026-52699
7.5 HIGH

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

Jun 15, 2026
CVE-2026-52697
8.5 HIGH

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Jun 15, 2026
CVE-2026-52695
7.5 HIGH

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

Jun 15, 2026
CVE-2026-52694
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

Jun 15, 2026
CVE-2026-52692
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

Jun 15, 2026
CVE-2026-49780
8.8 HIGH

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Jun 15, 2026
CVE-2026-49112
7.5 HIGH

Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

Jun 15, 2026
CVE-2026-49110
7.5 HIGH

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

Jun 15, 2026
CVE-2026-49083
7.5 HIGH

Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

Jun 15, 2026
CVE-2026-49082
7.4 HIGH

Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.

Jun 15, 2026
CVE-2026-49078
7.5 HIGH

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

Jun 15, 2026
CVE-2026-49070
7.5 HIGH

Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.

Jun 15, 2026
CVE-2026-49068
7.5 HIGH

Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.

Jun 15, 2026
CVE-2026-49066
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.

Jun 15, 2026
CVE-2026-49065
8.2 HIGH

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.

Jun 15, 2026
CVE-2026-49063
7.3 HIGH

Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.

Jun 15, 2026
CVE-2026-49061
7.5 HIGH

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

Jun 15, 2026
CVE-2026-49056
7.5 HIGH

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.

Jun 15, 2026
CVE-2026-49055
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

Jun 15, 2026
CVE-2026-48970
8.1 HIGH

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Jun 15, 2026
CVE-2026-48966
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

Jun 15, 2026
CVE-2026-48964
8.5 HIGH

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Jun 15, 2026
CVE-2026-48889
8.8 HIGH

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Jun 15, 2026
CVE-2026-48885
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

Jun 15, 2026
CVE-2026-48883
7.5 HIGH

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

Jun 15, 2026
CVE-2026-48882
8.5 HIGH

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

Jun 15, 2026
CVE-2026-48876
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Jun 15, 2026
CVE-2026-48874
8.5 HIGH

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Jun 15, 2026
CVE-2026-48873
7.5 HIGH

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Jun 15, 2026
CVE-2026-48872
7.5 HIGH

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

Jun 15, 2026
CVE-2026-48871
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Jun 15, 2026
CVE-2026-48868
7.5 HIGH

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Jun 15, 2026
CVE-2026-48867
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

Jun 15, 2026
CVE-2026-48838
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

Jun 15, 2026
CVE-2026-48835
7.5 HIGH

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Jun 15, 2026
CVE-2026-48708
7.5 HIGH

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance …

Jun 15, 2026
CVE-2026-47825
8.6 HIGH

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway …

Jun 15, 2026
CVE-2026-47261
7.5 HIGH

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, …

Jun 15, 2026
CVE-2026-45441
7.5 HIGH

Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.

Jun 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.