| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-54802 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions. | |||
| CVE-2026-54196 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. | |||
| CVE-2026-54195 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions. | |||
| CVE-2026-54192 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions. | |||
| CVE-2026-54189 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | |||
| CVE-2026-54188 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. | |||
| CVE-2026-54187 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions. | |||
| CVE-2026-54186 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions. | |||
| CVE-2026-54185 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber SQL Injection in Cornerstone < 7.8.8 versions. | |||
| CVE-2026-54184 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions. | |||
| CVE-2026-52706 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. | |||
| CVE-2026-52705 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. | |||
| CVE-2026-52698 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions. | |||
| CVE-2026-52696 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions. | |||
| CVE-2026-49778 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | |||
| CVE-2026-49767 | 0.00 | — | 0.01 | Jun 17, 2026 | Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions. | |||
| CVE-2026-49107 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions. | |||
| CVE-2026-49084 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. | |||
| CVE-2026-49081 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions. | |||
| CVE-2026-49079 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions. | |||
| CVE-2026-49076 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. | |||
| CVE-2026-49075 | 0.00 | — | 0.00 | Jun 17, 2026 | Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions. | |||
| CVE-2026-49074 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions. | |||
| CVE-2026-49072 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions. | |||
| CVE-2026-49071 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions. | |||
| CVE-2026-49058 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. | |||
| CVE-2026-48967 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions. | |||
| CVE-2026-48875 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions. | |||
| CVE-2026-45436 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions. | |||
| CVE-2026-42629 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. | |||
| CVE-2026-42385 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions. | |||
| CVE-2026-42380 | 0.00 | — | 0.01 | Jun 17, 2026 | Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions. | |||
| CVE-2026-41557 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions. | |||
| CVE-2026-40783 | 0.00 | — | 0.01 | Jun 17, 2026 | Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | |||
| CVE-2026-40768 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions. | |||
| CVE-2026-40765 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions. | |||
| CVE-2026-40753 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions. | |||
| CVE-2026-40749 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions. | |||
| CVE-2026-40748 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions. | |||
| CVE-2026-40747 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions. | |||
| CVE-2026-40746 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions. | |||
| CVE-2026-40735 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Reina <= 2.1 versions. | |||
| CVE-2026-40731 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. | |||
| CVE-2026-40726 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions. | |||
| CVE-2026-40725 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions. | |||
| CVE-2026-40724 | 0.00 | — | 0.00 | Jun 17, 2026 | CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions. | |||
| CVE-2026-40723 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions. | |||
| CVE-2026-40721 | 0.00 | — | 0.00 | Jun 17, 2026 | Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. | |||
| CVE-2026-39597 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions. | |||
| CVE-2026-39596 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. |
- CVE-2026-54802Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
- CVE-2026-54196Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
- CVE-2026-54195Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
- CVE-2026-54192Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
- CVE-2026-54189Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
- CVE-2026-54188Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
- CVE-2026-54187Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
- CVE-2026-54186Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
- CVE-2026-54185Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber SQL Injection in Cornerstone < 7.8.8 versions.
- CVE-2026-54184Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.
- CVE-2026-52706Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
- CVE-2026-52705Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.
- CVE-2026-52698Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.
- CVE-2026-52696Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
- CVE-2026-49778Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
- CVE-2026-49767Jun 17, 2026risk 0.00cvss —epss 0.01
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
- CVE-2026-49107Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
- CVE-2026-49084Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
- CVE-2026-49081Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
- CVE-2026-49079Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
- CVE-2026-49076Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
- CVE-2026-49075Jun 17, 2026risk 0.00cvss —epss 0.00
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
- CVE-2026-49074Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
- CVE-2026-49072Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
- CVE-2026-49071Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
- CVE-2026-49058Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
- CVE-2026-48967Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
- CVE-2026-48875Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
- CVE-2026-45436Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.
- CVE-2026-42629Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
- CVE-2026-42385Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
- CVE-2026-42380Jun 17, 2026risk 0.00cvss —epss 0.01
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
- CVE-2026-41557Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
- CVE-2026-40783Jun 17, 2026risk 0.00cvss —epss 0.01
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
- CVE-2026-40768Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
- CVE-2026-40765Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
- CVE-2026-40753Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
- CVE-2026-40749Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
- CVE-2026-40748Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
- CVE-2026-40747Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
- CVE-2026-40746Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
- CVE-2026-40735Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
- CVE-2026-40731Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
- CVE-2026-40726Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
- CVE-2026-40725Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
- CVE-2026-40724Jun 17, 2026risk 0.00cvss —epss 0.00
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
- CVE-2026-40723Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
- CVE-2026-40721Jun 17, 2026risk 0.00cvss —epss 0.00
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
- CVE-2026-39597Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
- CVE-2026-39596Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.