Vulnerability Summary for the Week of June 15, 2026

2026-06-22 21:06

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
10Web–Form Maker by 10Web	Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.	2026-06-15	9.3	CVE-2026-39502
404-redirection-manager–404 Redirection Manager	The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloads to manipulate database queries and extract sensitive information from the WordPress database.	2026-06-15	8.2	CVE-2016-20071
A WP Life–Webenvo	Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.	2026-06-17	9.9	CVE-2026-39589
AA-Team–Premium Age Verification / Restriction for WordPress	Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.	2026-06-17	7.5	CVE-2025-49403
ACPT–ACPT (Pro) – Custom Post Types Plugin for WordPress	Improper Control of Generation of Code (‘Code Injection’) vulnerability in ACPT ACPT (Pro) – Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) – Custom Post Types Plugin for WordPress: from n/a through 2.0.47.	2026-06-16	10	CVE-2026-25470
activity-log.com–WP Sessions Time Monitoring Full Automatic	Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.	2026-06-16	8.5	CVE-2026-39581
Adobe–Adobe Acrobat PDF Extension (Chrome)	Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim’s session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.	2026-06-16	7.4	CVE-2026-48294
Adobe–DNG SDK	DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2026-06-16	7.8	CVE-2026-47964
Advanced Ads GmbH–Advanced Ads Tracking	Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.	2026-06-17	9.3	CVE-2025-59554
aguilatechnologies–WP Customer Area	Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.	2026-06-15	8.8	CVE-2026-42661
Ahmad–GeekyBot	Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.	2026-06-15	10	CVE-2026-40772
This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of June 15, 2026 Share this: Facebook X LinkedIn Like this: Like Loading… Related Tags: Bulletins EN Post navigation ← IT Security News Hourly Summary 2026-06-22 21h : 8 posts Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Telegram Channel Recent Posts IT Security News Daily Summary 2026-06-22 June 22, 2026 Rootkit Removal: A Step-by-Step Guide June 22, 2026 New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available June 22, 2026 Builder Culture Is Driving New AI Security Challenges June 22, 2026 Scope Squatting on ClawHub Exposes AI Supply Chain Risks June 22, 2026 AryStinger Botnet Hijacks 4,300+ Routers to Build Global Attack Proxy Network June 22, 2026 Malicious GST Debit Note Attachment Deploys Remcos RAT Through Multi-Stage Loader June 22, 2026 Windows RAT Uses Encrypted HTTP C2 and Registry Persistence After npm Infection June 22, 2026 23 ClawHub Plugins Abuse Official Org Scopes to Impersonate Trusted AI Agent Tools June 22, 2026 Why Resilient Systems Design Is Critical for Cloud Reliability June 22, 2026 WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools June 22, 2026 Data Breach with Eastman Kodak Company June 22, 2026 Cloudflare teams up with big browsers to help websites tell bots from people June 22, 2026 Klue Breach Exposes Salesforce Data at Cybersecurity Firms June 22, 2026 Security shops among the ‘hundreds’ of Klue hack victims June 22, 2026 Guarding AI memory June 22, 2026 Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach June 22, 2026 Mukesh Ambani’s Reliance AI Roadmap Puts Jio CallAgent Inside the Network June 22, 2026 Microsoft Confirms Windows Recycle Bin Bug Affects All Supported Versions June 22, 2026 A new unpatchable flaw in Apple chips opens the door to an iPhone jailbreak June 22, 2026 Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active Preferences Preferences Statistics Statistics Marketing Marketing Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}