| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41556 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions. | ||
| CVE-2026-40799 | Med | 0.34 | 5.3 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions. | ||
| CVE-2026-40798 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. | ||
| CVE-2026-40796 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions. | ||
| CVE-2026-40795 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in Amelia <= 2.2 versions. | ||
| CVE-2026-40794 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in myCred <= 3.0.3 versions. | ||
| CVE-2026-40793 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in Groundhogg < 4.4.1 versions. | ||
| CVE-2026-40792 | Med | 0.41 | 6.3 | 0.00 | Jun 15, 2026 | Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions. | ||
| CVE-2026-40791 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions. | ||
| CVE-2026-40790 | Med | 0.35 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions. | ||
| CVE-2026-40789 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions. | ||
| CVE-2026-40788 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. | ||
| CVE-2026-40787 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions. | ||
| CVE-2026-40785 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions. | ||
| CVE-2026-40782 | Med | 0.35 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. | ||
| CVE-2026-40781 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions. | ||
| CVE-2026-40779 | Hig | 0.50 | 7.7 | 0.00 | Jun 15, 2026 | Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions. | ||
| CVE-2026-40776 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions. | ||
| CVE-2026-40775 | Hig | 0.47 | 7.3 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions. | ||
| CVE-2026-40774 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions. | ||
| CVE-2026-40773 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions. | ||
| CVE-2026-40772 | Cri | 0.65 | 10.0 | 0.00 | Jun 15, 2026 | Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. | ||
| CVE-2026-40771 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions. | ||
| CVE-2026-40770 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions. | ||
| CVE-2026-40769 | Hig | 0.56 | 8.6 | 0.00 | Jun 15, 2026 | Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions. | ||
| CVE-2026-40767 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions. | ||
| CVE-2026-40766 | Hig | 0.48 | 8.5 | 0.00 | Jun 15, 2026 | Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. | ||
| CVE-2026-40762 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions. | ||
| CVE-2026-40743 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions. | ||
| CVE-2026-40741 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions. | ||
| CVE-2026-40732 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions. | ||
| CVE-2026-40727 | Hig | 0.50 | 7.7 | 0.00 | Jun 15, 2026 | Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions. | ||
| CVE-2026-39594 | Med | 0.42 | 6.4 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions. | ||
| CVE-2026-39591 | Cri | 0.64 | 9.9 | 0.00 | Jun 15, 2026 | Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | ||
| CVE-2026-39587 | Hig | 0.53 | 8.1 | 0.00 | Jun 15, 2026 | Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | ||
| CVE-2026-39584 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. | ||
| CVE-2026-39583 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. | ||
| CVE-2026-39579 | Hig | 0.57 | 8.8 | 0.00 | Jun 15, 2026 | Contributor Privilege Escalation in B Blocks <= 2.0.31 versions. | ||
| CVE-2026-39540 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions. | ||
| CVE-2026-39534 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions. | ||
| CVE-2026-39533 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions. | ||
| CVE-2026-39532 | Hig | 0.50 | 8.8 | 0.00 | Jun 15, 2026 | Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. | ||
| CVE-2026-39530 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions. | ||
| CVE-2026-39527 | Med | 0.35 | 5.4 | 0.00 | Jun 15, 2026 | Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions. | ||
| CVE-2026-39525 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions. | ||
| CVE-2026-39524 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions. | ||
| CVE-2026-39519 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. | ||
| CVE-2026-39518 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. | ||
| CVE-2026-39515 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Broken Access Control in Motors < 1.4.107 versions. | ||
| CVE-2026-39514 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions. |
- risk 0.42cvss 6.5epss 0.00
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
- risk 0.34cvss 5.3epss 0.00
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Broken Access Control in Amelia <= 2.2 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
- risk 0.41cvss 6.3epss 0.00
Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
- risk 0.35cvss 6.5epss 0.00
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.
- risk 0.46cvss 7.1epss 0.00
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
- risk 0.46cvss 7.1epss 0.00
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
- risk 0.35cvss 6.5epss 0.00
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
- risk 0.50cvss 7.7epss 0.00
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
- risk 0.47cvss 7.3epss 0.00
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.
- risk 0.65cvss 10.0epss 0.00
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
- risk 0.56cvss 8.6epss 0.00
Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
- risk 0.48cvss 8.5epss 0.00
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
- risk 0.42cvss 6.5epss 0.00
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
- risk 0.50cvss 7.7epss 0.00
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
- risk 0.42cvss 6.4epss 0.00
Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
- risk 0.64cvss 9.9epss 0.00
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
- risk 0.53cvss 8.1epss 0.00
Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.
- risk 0.57cvss 8.8epss 0.00
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
- risk 0.50cvss 8.8epss 0.00
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.
- risk 0.35cvss 5.4epss 0.00
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
- risk 0.42cvss 6.5epss 0.00
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
- risk 0.46cvss 7.1epss 0.00
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Broken Access Control in Motors < 1.4.107 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.