Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| MEDIUM 6.5 | CVE-2026-39515 | WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability. Subscriber Broken Access Control in Motors < 1.4.107 versions. | StylemixThemes | Motors | n/a | CVE |
| HIGH 7.1 | CVE-2026-39514 | WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability. Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions | Cozmoslabs | Paid Member Subscriptions | n/a | CVE |
| HIGH 7.5 | CVE-2026-39513 | WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability. Unauthenticated Broken Access Control in Easy Appointments | Easy Appointments | Easy Appointments | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-39512 | WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability. Unauthenticated SQL Injection in GeoDirectory | Paolo | GeoDirectory | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-39511 | WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability. Unauthenticated SQL Injection in WP Photo Album Plus | Jacob N. Breetvelt | WP Photo Album Plus | n/a | CVE |
| HIGH 7.1 | CVE-2026-39507 | WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability. Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed | Themeisle | Social Slider Feed | n/a | CVE |
| HIGH 7.5 | CVE-2026-39503 | WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability. Unauthenticated Broken Access Control in Easy Digital Downloads | Awesomemotive | Easy Digital Downloads | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-39502 | WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability. Unauthenticated SQL Injection in Form Maker by 10Web | 10Web | Form Maker by 10Web | 1.15.38 | CVE |
| HIGH 7.2 | CVE-2026-39499 | WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability. Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce | Wombat Plugins | Advanced Product Fields (Product Addons) for WooCommerce | n/a | CVE |
| HIGH 7.2 | CVE-2026-39498 | WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability. Shop manager PHP Object Injection in YayMail | Yeeaddons | YayMail | n/a | CVE |