Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.1 CVE-2026-12754

VikBooking Hotel Booking Engine & PMS <= 1.8.12 - Reflected Cross-Site Scripting via 'layoutstyle' Parameter

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'layoutstyle' parameter in a...

e4jvikwp VikBooking Hotel Booking Engine & PMS CVE
HIGH 7.2 CVE-2026-50043

CVE-2026-50043

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulne...

Seiko Solutions Inc. SkyBridge MB-A100/MB-A110 all versions CVE
MEDIUM 6.4 CVE-2026-13733

Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute in all versions up to,...

codename065 Download Manager CVE
MEDIUM 6.4 CVE-2026-12732

LearnPress <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_wrapper_form' Shortcode Attribute

The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_wrapper_form' shortcode attribute in versions up to...

thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses CVE
HIGH 8.7 CVE-2026-12577

DVP80ES3 Improperly Implemented Security Check for Standard vulnerability

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.

deltaww DVP80ES3 CVE
HIGH 7.5 CVE-2026-12576

DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.

deltaww DVP80ES3 CVE
HIGH 7.5 CVE-2026-12575

DVP80ES3 Improper Resource Shutdown or Release Vulnerability

DVP80ES3 with Improper Resource Shutdown or Release vulnerability.

deltaww DVP80ES3 CVE
MEDIUM 4.3 CVE-2026-12435

Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and incl...

stylemix Motors – Car Dealership & Classified Listings Plugin CVE
MEDIUM 4.3 CVE-2026-12408

Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all ver...

rilwis Slim SEO – A Fast & Automated SEO Plugin For WordPress CVE
HIGH 8.8 CVE-2026-12224

Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including...

wedevs Dokan Pro CVE