Feed live

The CMS vulnerability ledger.

Every published CVE that touches a CMS, plugin, theme, or page builder — indexed, scored, and cross-referenced against the components running on your sites.

Total CVEs tracked

335,499

All time

Critical · Active

10,538

CVSS ≥ 9.0

New · 14 days

707

Newly disclosed

Feed last synced

4 hrs ago

Data freshness

Showing 1–30 CVEs

Sorted by Published · Newest first

CVE ID	Severity	CVSS	Title	Published
CVE-2026-40722	medium	5.5/10	WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability	Jun 17, 2026 10d ago
CVE-2026-40750	critical	9.9/10	WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability	Jun 16, 2026 11d ago
CVE-2026-40809	medium	6.5/10	WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability	Jun 16, 2026 11d ago
CVE-2026-49772	critical	9.3/10	WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability	Jun 16, 2026 11d ago
CVE-2026-49774	critical	9.9/10	WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability	Jun 16, 2026 11d ago
CVE-2026-54198	high	7.1/10	WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability	Jun 16, 2026 11d ago
CVE-2026-54197	medium	6.5/10	WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability	Jun 16, 2026 11d ago
CVE-2026-54191	high	7.1/10	WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability	Jun 16, 2026 11d ago
CVE-2026-54190	medium	6.5/10	WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability	Jun 16, 2026 11d ago
CVE-2026-52715	critical	9.3/10	WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability	Jun 16, 2026 11d ago
CVE-2026-52714	high	7.5/10	WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability	Jun 16, 2026 11d ago
CVE-2026-52712	high	7.6/10	WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability	Jun 16, 2026 11d ago
CVE-2026-52711	high	7.5/10	WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability	Jun 16, 2026 11d ago
CVE-2026-39581	high	8.5/10	WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability	Jun 16, 2026 11d ago
CVE-2026-39574	critical	9.3/10	WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability	Jun 16, 2026 11d ago
CVE-2026-39490	high	7.5/10	WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability	Jun 16, 2026 11d ago
CVE-2026-39437	high	7.1/10	WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerability	Jun 16, 2026 11d ago
CVE-2025-68045	high	7.5/10	WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability	Jun 16, 2026 11d ago
CVE-2026-52703	critical	9.6/10	WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability	Jun 15, 2026 11d ago
CVE-2026-52702	high	7.1/10	WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability	Jun 15, 2026 11d ago
CVE-2026-52700	high	8.5/10	WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability	Jun 15, 2026 11d ago
CVE-2026-52699	high	7.5/10	WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability	Jun 15, 2026 11d ago
CVE-2026-52697	high	8.5/10	WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability	Jun 15, 2026 11d ago
CVE-2026-52695	high	7.5/10	WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability	Jun 15, 2026 11d ago
CVE-2026-52694	high	7.5/10	WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability	Jun 15, 2026 11d ago
CVE-2026-52693	critical	9.3/10	WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability	Jun 15, 2026 11d ago
CVE-2026-52692	high	7.5/10	WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability	Jun 15, 2026 11d ago
CVE-2026-49781	critical	9.8/10	WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability	Jun 15, 2026 11d ago
CVE-2026-49780	high	8.8/10	WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability	Jun 15, 2026 11d ago
CVE-2026-49776	critical	9.3/10	WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability	Jun 15, 2026 11d ago