Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-42664 | Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | 8.2 | 0.25% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42661 | Custom role Path Traversal in WP Customer Area <= 8.3.4 versions. | 8.8 | 0.37% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42639 | Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42411 | Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions. | 8.1 | 0.40% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42386 | Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42381 | Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-40798 | Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-40772 | Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions. | 10.0 | 0.35% | 2026-06-15 | 2026-06-15 |
| CVE-2026-40771 | Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-40769 | Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field <= 1.0.6 versions. | 8.6 | 0.44% | 2026-06-15 | 2026-06-15 |
| CVE-2026-40766 | Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions. | 8.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39591 | Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions. | 9.9 | 0.46% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39587 | Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions. | 8.1 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39583 | Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions. | 9.8 | 0.36% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39579 | Contributor Privilege Escalation in B Blocks <= 2.0.31 versions. | 8.8 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39532 | Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. | 8.8 | 0.34% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39530 | Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39519 | Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39512 | Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-39511 | Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-15 |