Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-39480

WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability_CVE-2026-39480

Unauthenticated Sensitive Data Exposure in Backup Migration

Inisev Backup Migration n/a CVE
HIGH 8.8 CVE-2026-39478

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability_CVE-2026-39478

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall

Eli Scheetz Anti-Malware Security and Brute-Force Firewall n/a CVE
HIGH 8.8 CVE-2026-39474

WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability_CVE-2026-39474

Contributor PHP Object Injection in Post Duplicator

metaphorcreations Post Duplicator n/a CVE
HIGH 7.2 CVE-2026-39472

WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability_CVE-2026-39472

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.

WP Overnight WooCommerce PDF Invoices & Packing Slips n/a CVE
HIGH 7.2 CVE-2026-39471

WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability_CVE-2026-39471

Author PHP Object Injection in ShortPixel Image Optimizer

ShortPixel ShortPixel Image Optimizer n/a CVE
HIGH 7.2 CVE-2026-39470

WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability_CVE-2026-39470

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.

Brainstorm Force WooCommerce Cart Abandonment Recovery n/a CVE
MEDIUM 6.8 CVE-2026-39468

WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability_CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework

eLightUp Meta Box – WordPress Custom Fields Framework n/a CVE
CRITICAL 9.1 CVE-2026-39465

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability_CVE-2026-39465

Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider

MetaSlider Responsive Slider by MetaSlider n/a CVE
HIGH 7.1 CVE-2026-39463

WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39463

Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker

ManageWP ManageWP Worker n/a CVE
MEDIUM 6.3 CVE-2026-39451

WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39451

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider

jgwhite33 WP Google Review Slider n/a CVE