Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 8.5 | CVE-2026-57643 | WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability (Contributor SQL Injection in WP Post Author) | AF themes | WP Post Author | n/a | CVE |
| HIGH 8.5 | CVE-2026-57642 | WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability (Contributor SQL Injection in Gallery) | bestwebsoft | Gallery | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57641 | WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability (Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7) | Contempoinc | Real Estate 7 | n/a | CVE |
| MEDIUM 4.3 | CVE-2026-57640 | WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability (Subscriber Broken Access Control in MasterStudy LMS) | Stylemix | MasterStudy LMS | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57638 | WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability (Contributor Cross Site Scripting (XSS) in Fluent Booking) | WPManageNinja LLC | Fluent Booking | n/a | CVE |
| MEDIUM 4.3 | CVE-2026-57637 | WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability (Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce) | tychesoftwares | Abandoned Cart Lite for WooCommerce | n/a | CVE |
| HIGH 8.5 | CVE-2026-57636 | WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability (Contributor SQL Injection in wpForo Forum) | Tomdever | wpForo Forum | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57635 | WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability (Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce) | FunnelKit | FunnelKit Payment Gateway for Stripe WooCommerce | n/a | CVE |
| MEDIUM 4.3 | CVE-2026-57634 | WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability (Contributor Insecure Direct Object References (IDOR) in PPWP) | WP Folio Team | PPWP | n/a | CVE |
| MEDIUM 5.3 | CVE-2026-57633 | WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability (Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare) | WCBoost | WCBoost – Products Compare | n/a | CVE |