| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39595 | 0.00 | — | 0.00 | Jun 17, 2026 | Author Broken Access Control in W3 Total Cache <= 2.9.1 versions. | |||
| CVE-2026-39589 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions. | |||
| CVE-2026-39582 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions. | |||
| CVE-2026-39573 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions. | |||
| CVE-2026-39558 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Malmö <= 2.2 versions. | |||
| CVE-2026-39546 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions. | |||
| CVE-2026-39545 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions. | |||
| CVE-2026-39537 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions. | |||
| CVE-2026-34888 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions. | |||
| CVE-2026-27410 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions. | |||
| CVE-2026-27400 | 0.00 | — | 0.01 | Jun 17, 2026 | Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions. | |||
| CVE-2026-27041 | 0.00 | — | 0.00 | Jun 17, 2026 | Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. | |||
| CVE-2026-25446 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions. | |||
| CVE-2026-25439 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions. | |||
| CVE-2026-24611 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions. | |||
| CVE-2026-24610 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions. | |||
| CVE-2026-24575 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions. | |||
| CVE-2026-22343 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions. | |||
| CVE-2026-22342 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions. | |||
| CVE-2026-22340 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions. | |||
| CVE-2026-22339 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions. | |||
| CVE-2026-22338 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions. | |||
| CVE-2026-22335 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions. | |||
| CVE-2026-22334 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions. | |||
| CVE-2026-22332 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions. | |||
| CVE-2026-22331 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions. | |||
| CVE-2026-22330 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Right Way <= 4.0 versions. | |||
| CVE-2026-22329 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions. | |||
| CVE-2026-22328 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions. | |||
| CVE-2026-22327 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions. | |||
| CVE-2026-22326 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions. | |||
| CVE-2026-22325 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions. | |||
| CVE-2026-9690 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions. | |||
| CVE-2025-69179 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions. | |||
| CVE-2025-69173 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions. | |||
| CVE-2025-69172 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Resurs <= 1.3 versions. | |||
| CVE-2025-69171 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions. | |||
| CVE-2025-69161 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Snowy <= 1.13 versions. | |||
| CVE-2025-69148 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. | |||
| CVE-2025-69145 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Gat <= 1.16 versions. | |||
| CVE-2025-69138 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in Genemy <= 1.6.6 versions. | |||
| CVE-2025-69135 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions. | |||
| CVE-2025-69129 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. | |||
| CVE-2025-69117 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions. | |||
| CVE-2025-69110 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions. | |||
| CVE-2025-60223 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions. | |||
| CVE-2025-60218 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions. | |||
| CVE-2025-60205 | 0.00 | — | 0.01 | Jun 17, 2026 | Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions. | |||
| CVE-2025-59563 | 0.00 | — | 0.00 | Jun 17, 2026 | Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions. | |||
| CVE-2025-59560 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions. |
- CVE-2026-39595Jun 17, 2026risk 0.00cvss —epss 0.00
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
- CVE-2026-39589Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
- CVE-2026-39582Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
- CVE-2026-39573Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
- CVE-2026-39558Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
- CVE-2026-39546Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
- CVE-2026-39545Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
- CVE-2026-39537Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
- CVE-2026-34888Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
- CVE-2026-27410Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
- CVE-2026-27400Jun 17, 2026risk 0.00cvss —epss 0.01
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
- CVE-2026-27041Jun 17, 2026risk 0.00cvss —epss 0.00
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
- CVE-2026-25446Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
- CVE-2026-25439Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
- CVE-2026-24611Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
- CVE-2026-24610Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
- CVE-2026-24575Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
- CVE-2026-22343Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
- CVE-2026-22342Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
- CVE-2026-22340Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
- CVE-2026-22339Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
- CVE-2026-22338Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
- CVE-2026-22335Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
- CVE-2026-22334Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
- CVE-2026-22332Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
- CVE-2026-22331Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.
- CVE-2026-22330Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.
- CVE-2026-22329Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versions.
- CVE-2026-22328Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 versions.
- CVE-2026-22327Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.
- CVE-2026-22326Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
- CVE-2026-22325Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.
- CVE-2026-9690Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
- CVE-2025-69179Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
- CVE-2025-69173Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.
- CVE-2025-69172Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
- CVE-2025-69171Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
- CVE-2025-69161Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.
- CVE-2025-69148Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Quirky <= 1.23 versions.
- CVE-2025-69145Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Gat <= 1.16 versions.
- CVE-2025-69138Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
- CVE-2025-69135Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
- CVE-2025-69129Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions.
- CVE-2025-69117Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
- CVE-2025-69110Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
- CVE-2025-60223Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
- CVE-2025-60218Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.
- CVE-2025-60205Jun 17, 2026risk 0.00cvss —epss 0.01
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
- CVE-2025-59563Jun 17, 2026risk 0.00cvss —epss 0.00
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
- CVE-2025-59560Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 versions.