CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-45437
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions.

Jun 15, 2026
CVE-2026-42775
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.

Jun 15, 2026
CVE-2026-42687
8.1 HIGH

Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.

Jun 15, 2026
CVE-2026-42686
7.1 HIGH

Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.

Jun 15, 2026
CVE-2026-42668
7.5 HIGH

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend <= 1.18.0 versions.

Jun 15, 2026
CVE-2026-42667
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.

Jun 15, 2026
CVE-2026-42666
7.5 HIGH

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.

Jun 15, 2026
CVE-2026-42664
8.2 HIGH

Unauthenticated Broken Access Control in AI Product Search for WooCommerce &#8211; Motive Commerce Search <= 1.38.2 versions.

Jun 15, 2026
CVE-2026-42661
8.8 HIGH

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.

Jun 15, 2026
CVE-2026-42658
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.

Jun 15, 2026
CVE-2026-42650
7.2 HIGH

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.

Jun 15, 2026
CVE-2026-42649
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.

Jun 15, 2026
CVE-2026-42411
8.1 HIGH

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.

Jun 15, 2026
CVE-2026-42384
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

Jun 15, 2026
CVE-2026-40791
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.

Jun 15, 2026
CVE-2026-40789
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.

Jun 15, 2026
CVE-2026-40788
7.1 HIGH

Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.

Jun 15, 2026
CVE-2026-40787
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.

Jun 15, 2026
CVE-2026-40785
7.1 HIGH

Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.

Jun 15, 2026
CVE-2026-40781
7.5 HIGH

Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.

Jun 15, 2026
CVE-2026-40779
7.7 HIGH

Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.

Jun 15, 2026
CVE-2026-40776
7.5 HIGH

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.

Jun 15, 2026
CVE-2026-40775
7.3 HIGH

Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.

Jun 15, 2026
CVE-2026-40774
7.5 HIGH

Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.

Jun 15, 2026
CVE-2026-40770
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.

Jun 15, 2026
CVE-2026-40769
8.6 HIGH

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi &#8211; Save Entries, File Upload &amp; Country Code Field <= 1.0.6 versions.

Jun 15, 2026
CVE-2026-40767
7.5 HIGH

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Jun 15, 2026
CVE-2026-40766
8.5 HIGH

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

Jun 15, 2026
CVE-2026-40762
7.5 HIGH

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

Jun 15, 2026
CVE-2026-40741
7.5 HIGH

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Jun 15, 2026
CVE-2026-40732
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Jun 15, 2026
CVE-2026-40727
7.7 HIGH

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Jun 15, 2026
CVE-2026-39587
8.1 HIGH

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

Jun 15, 2026
CVE-2026-39579
8.8 HIGH

Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.

Jun 15, 2026
CVE-2026-39534
7.5 HIGH

Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.

Jun 15, 2026
CVE-2026-39533
7.5 HIGH

Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.

Jun 15, 2026
CVE-2026-39532
8.8 HIGH

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.

Jun 15, 2026
CVE-2026-39524
7.5 HIGH

Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.

Jun 15, 2026
CVE-2026-39518
7.1 HIGH

Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

Jun 15, 2026
CVE-2026-39514
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.

Jun 15, 2026
CVE-2026-39513
7.5 HIGH

Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.

Jun 15, 2026
CVE-2026-39507
7.1 HIGH

Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.

Jun 15, 2026
CVE-2026-39503
7.5 HIGH

Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.

Jun 15, 2026
CVE-2026-39499
7.2 HIGH

Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.

Jun 15, 2026
CVE-2026-39498
7.2 HIGH

Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.

Jun 15, 2026
CVE-2026-39481
7.2 HIGH

Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.

Jun 15, 2026
CVE-2026-39480
7.5 HIGH

Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 versions.

Jun 15, 2026
CVE-2026-39478
8.8 HIGH

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.

Jun 15, 2026
CVE-2026-39474
8.8 HIGH

Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.

Jun 15, 2026
CVE-2026-39472
7.2 HIGH

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.

Jun 15, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.