Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-57640

WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability_CVE-2026-57640

Subscriber Broken Access Control in MasterStudy LMS

Stylemix MasterStudy LMS n/a CVE
MEDIUM 6.5 CVE-2026-57638

WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57638

Contributor Cross Site Scripting (XSS) in Fluent Booking

WPManageNinja LLC Fluent Booking n/a CVE
MEDIUM 4.3 CVE-2026-57637

WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57637

Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce

tychesoftwares Abandoned Cart Lite for WooCommerce n/a CVE
HIGH 8.5 CVE-2026-57636

WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability_CVE-2026-57636

Contributor SQL Injection in wpForo Forum

Tomdever wpForo Forum n/a CVE
MEDIUM 6.5 CVE-2026-57635

WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57635

Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce

FunnelKit FunnelKit Payment Gateway for Stripe WooCommerce n/a CVE
MEDIUM 4.3 CVE-2026-57634

WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57634

Contributor Insecure Direct Object References (IDOR) in PPWP

WP Folio Team PPWP n/a CVE
MEDIUM 5.3 CVE-2026-57633

WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability_CVE-2026-57633

Unauthenticated Sensitive Data Exposure in WCBoost – Products Compare

WCBoost WCBoost – Products Compare n/a CVE
MEDIUM 5.4 CVE-2026-57632

WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability_CVE-2026-57632

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend

Omnisend Email Marketing for WooCommerce by Omnisend n/a CVE
HIGH 7.6 CVE-2026-57631

WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability_CVE-2026-57631

Administrator SQL Injection in Popup box

Ays Pro Popup box n/a CVE
MEDIUM 5.3 CVE-2026-57630

WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57630

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro

Creative Themes Blocksy Companion Pro n/a CVE