Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-39537

WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability_CVE-2026-39537

Unauthenticated Local File Inclusion in Mikado Core

Mikado-Themes Mikado Core n/a CVE
HIGH 7.5 CVE-2026-34888

WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability_CVE-2026-34888

Unauthenticated Sensitive Data Exposure in Bricksforge

Bricksforge Bricksforge n/a CVE
MEDIUM 6.5 CVE-2026-27410

WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability_CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.

VeronaLabs Slimstat Analytics n/a CVE
HIGH 8.6 CVE-2026-27400

WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability_CVE-2026-27400

Unauthenticated Arbitrary File Deletion in BookPro

Ovatheme BookPro n/a CVE
CRITICAL 9.9 CVE-2026-27041

WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability_CVE-2026-27041

Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium)

Studio Keren Aga LTD. Unlimited Elements for Elementor (Premium) n/a CVE
CRITICAL 9.9 CVE-2026-25446

WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability_CVE-2026-25446

Subscriber Arbitrary File Upload in WishList Member X

WishList Products, LLC. WishList Member X n/a CVE
HIGH 8.1 CVE-2026-25439

WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability_CVE-2026-25439

Unauthenticated Broken Authentication in Booknetic

fs-code Booknetic n/a CVE
CRITICAL 9.1 CVE-2026-24611

WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability_CVE-2026-24611

Unauthenticated Broken Access Control in MetForm Pro

WPMet MetForm Pro n/a CVE
MEDIUM 4.3 CVE-2026-24610

WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability_CVE-2026-24610

Subscriber Broken Access Control in MetForm Pro

WPMet MetForm Pro n/a CVE
MEDIUM 4.3 CVE-2026-24575

WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability_CVE-2026-24575

Subscriber Broken Access Control in WishList Member X

WishList Member WishList Member X n/a CVE