Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-12158

RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter_CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and ...

metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login 6.0.9.1 CVE
CRITICAL 9.8 CVE-2026-11387

SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset_CVE-2026-11387

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation...

cozyvision1 SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery 3.9.5 CVE
MEDIUM 5.6 CVE-2026-10540

Weak password hash protection in Control-M/Entreprise Manager_CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attac...

BMC Control-M/Enterprise Manager 9.0.21 CVE
CRITICAL 9.5 CVE-2026-10539

Unauthenticated command injection in Control-M/Server communication command_CVE-2026-10539

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may all...

BMC Control-M/Server 9.0.21.300 CVE
HIGH 8.9 CVE-2026-10538

Improper deserialization handling in Control-M Components_CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out o...

BMC Control-M/Enterprise Manager 9.0.21 CVE
MEDIUM 4.3 CVE-2026-10096

Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter_CVE-2026-10096

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page_id' ...

qodeinteractive Qi Blocks CVE
MEDIUM 6.5 CVE-2026-12110

Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'task_search' Parameter_CVE-2026-12110

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the '...

taskbuilder Taskbuilder – Project Management & Task Management Tool With Kanban Board CVE
MEDIUM 6.5 CVE-2026-12090

Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter_CVE-2026-12090

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the '...

taskbuilder Taskbuilder – Project Management & Task Management Tool With Kanban Board CVE
MEDIUM 6.5 CVE-2026-11988

LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter_CVE-2026-11988

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in ...

thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses CVE
MEDIUM 4.3 CVE-2026-11981

GiveWP <= 4.15.3 - Cross-Site Request Forgery_CVE-2026-11981

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3 This is due to missing nonce v...

stellarwp GiveWP – Donation Plugin and Fundraising Platform CVE