Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-39438

WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability_CVE-2026-39438

Unauthenticated SQL Injection in ListingPro

Emraan Cheema ListingPro n/a CVE
MEDIUM 6.5 CVE-2026-39433

WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability_CVE-2026-39433

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

mojoomla WPAMS n/a CVE
HIGH 8.1 CVE-2026-34895

WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability_CVE-2026-34895

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

WebGeniusLab Softlab Core n/a CVE
HIGH 8.1 CVE-2026-34894

WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability_CVE-2026-34894

Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.

WebGeniusLab Integrio Core n/a CVE
HIGH 8.1 CVE-2026-34893

WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability_CVE-2026-34893

Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.

WebGeniusLab Thegov Core n/a CVE
MEDIUM 5.6 CVE-2026-2604

Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling_CVE-2026-2604

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus ac...

GNOME Evolution Data Server CVE
CRITICAL 9.8 CVE-2026-27429

WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2026-27429

Unauthenticated PHP Object Injection in Nifty

BoldThemes Nifty n/a CVE
CRITICAL 9.8 CVE-2026-27395

WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability_CVE-2026-27395

Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.

Schiocco Support Board n/a CVE
CRITICAL 10 CVE-2026-25470

WordPress ACPT (Pro) – Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability_CVE-2026-25470

Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote C...

ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress n/a CVE
HIGH 8.8 CVE-2026-12256

WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability_CVE-2026-12256

Contributor PHP Object Injection in Avada

ThemeFusion Avada n/a CVE