Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2026-32523 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2. CVSSv3.1 9.9 (CRITICAL) · EPSS 15th percentile
CVE-2026-32522 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5. CVSSv3.1 8.6 (HIGH) · EPSS 20th percentile
CVE-2026-32520 — Incorrect: Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-32519 — Incorrect: Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2. CVSSv3.1 9.0 (CRITICAL) · EPSS 17th percentile
CVE-2026-32516 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile
CVE-2026-32513 — Deserialization: of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-32512 — Deserialization: of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-32505 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through <= 2.0.8. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-32504 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-32503 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through <= 1.1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-32502 — Deserialization: of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-32500 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through <= 1.1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-32499 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through <= 7.7.9. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile
CVE-2026-32488 — Incorrect: Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9. CVSSv3.1 8.1 (HIGH) · EPSS 17th percentile
CVE-2026-32484 — Deserialization: of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile
CVE-2026-32482 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24. CVSSv3.1 9.9 (CRITICAL) · EPSS 15th percentile
CVE-2026-31921 — Authorization: Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly
Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2. CVSSv3.1 8.2 (HIGH) · EPSS 16th percentile
CVE-2026-31920 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2. CVSSv3.1 9.3 (CRITICAL) · EPSS 12th percentile
CVE-2026-31913 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16. CVSSv3.1 8.6 (HIGH) · EPSS 20th percentile
CVE-2026-27095 — Deserialization: of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation
Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through <= 5.6.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-27084 — Deserialization: of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-27083 — Deserialization: of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-27082 — Deserialization: of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2026-27081 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2026-27080 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through <= 1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile