Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

264069 matches found

Vulnrichment
Vulnrichmentadded 2026/06/02 1:34 p.m.9 views

CVE-2026-39555 WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...

8.1CVSS5.8AI score0.00255EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/06/02 1:33 p.m.20 views

WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Niv Kochan in WordPress Plugin Montonio for WooCommerce versions = 10.1.2...

7.5CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/06/02 1:29 p.m.6 views

WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin GamiPress versions = 7.8.7...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/06/02 1:24 p.m.6 views

WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Austin Ginder in WordPress Plugin JetSmartFilters versions = 3.8.1...

9.3CVSS5.9AI score0.00372EPSS
Exploits0Affected Software1
Cvelist
Cvelistadded 2026/06/02 12:41 p.m.34 views

CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/02 12:41 p.m.10 views

CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 12:41 p.m.12 views

CVE-2026-39553

CVE-2026-39553 concerns WordPress WaveRide theme versions up to 1.4, due to improper control of the filename for include/require in a PHP program, enabling Local File Inclusion (LFI). Affected software: WaveRide theme (Select-Themes) with PHP-based inclusion vulnerability. Root cause: inadequate ...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/02 12:39 p.m.7 views

CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 12:39 p.m.35 views

CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

8.1CVSS0.00334EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 12:39 p.m.9 views

CVE-2026-39552

CVE-2026-39552 affects the WordPress Blueprint theme prior to 1.1.5, which suffers from an Improper Control of Filename for Include/Require (PHP Local File Inclusion). The vulnerability arises from inadequate validation of included/required filenames, enabling an attacker to cause local file incl...

8.1CVSS5.8AI score0.00334EPSS
Exploits0References1
HackRead
HackReadadded 2026/06/02 12:29 p.m.11 views

New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected...

5.8AI score
Exploits0
NVD
NVDadded 2026/06/02 12:16 p.m.13 views

CVE-2026-42684

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...

9.3CVSS0.00299EPSS
Exploits0References1
NVD
NVDadded 2026/06/02 12:16 p.m.12 views

CVE-2026-42685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

7.1CVSS0.00146EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/06/02 11:0 a.m.12 views

WordPress EmergencyWP – Dead Man's switch & legacy deliverance plugin <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin EmergencyWP – Dead Man's switch & legacy deliverance versions = 1.4.2...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/06/02 10:57 a.m.9 views

WordPress Passeum Ticketing plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Passeum Ticketing versions = 1.0...

4.4CVSS5.8AI score0.00208EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploitadded 2026/06/02 10:53 a.m.149 views

Exploit for CVE-2026-8206

CVE-2026-8206 - Kirki WordPress Plugin Mass Exploit !Python...

9.8CVSS6AI score0.0126EPSS
Exploits4
Vulnrichment
Vulnrichmentadded 2026/06/02 10:46 a.m.8 views

CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 10:46 a.m.37 views

CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS0.00308EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 10:46 a.m.15 views

CVE-2026-39551

The CVE-2026-39551 entry concerns the WordPress Töbel theme (versions &lt;= 1.8.1) with a PHP Object Injection /deserialization vulnerability in Töbel. Affected component: Töbel theme; root cause: deserialization of untrusted data enabling object injection. Impact metrics from Patchstack indicate...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 10:44 a.m.34 views

CVE-2026-39550 WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

8.1CVSS0.00308EPSS
Exploits0References1
Rows per page
Query Builder