Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.9 CVE-2026-7850

WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute_CVE-2026-7850

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displ...

Unknown WP Magnific Popup CVE
MEDIUM 4.9 CVE-2026-41280

Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects_CVE-2026-41280

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue aff...

Apache Software Foundation Apache DolphinScheduler CVE
MEDIUM 6.8 CVE-2026-54196

WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability_CVE-2026-54196

Subscriber Privilege Escalation in JetFormBuilder

Jetmonsters JetFormBuilder n/a CVE
MEDIUM 6.5 CVE-2026-49072

WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability_CVE-2026-49072

Unauthenticated Broken Access Control in WooCommerce Anti-Fraud

OPMC WooCommerce Anti-Fraud n/a CVE
MEDIUM 6.5 CVE-2026-49071

WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability_CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping

OPMC WooCommerce Dropshipping n/a CVE
MEDIUM 6.5 CVE-2026-45436

WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability_CVE-2026-45436

Subscriber Broken Access Control in WPBakery Page Builder

Rain-Task Ltd. WPBakery Page Builder n/a CVE
MEDIUM 6.5 CVE-2026-40724

WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability_CVE-2026-40724

CP Client Arbitrary File Download in Client Portal (Pro)

Client Portal Ltd. Client Portal (Pro) n/a CVE
MEDIUM 4.3 CVE-2026-40723

WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability_CVE-2026-40723

Subscriber Broken Access Control in Bricks Builder

Bricks Bricks Builder n/a CVE
MEDIUM 4.7 CVE-2026-39595

WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability_CVE-2026-39595

Author Broken Access Control in W3 Total Cache

BoldGrid W3 Total Cache n/a CVE
MEDIUM 6.5 CVE-2026-27410

WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability_CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.

VeronaLabs Slimstat Analytics n/a CVE