Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-11794

Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it crea...

Unknown Advanced Form Integration — Connect Forms to 200+ Apps CVE
HIGH 7.5 CVE-2026-11568

Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning Woo...

Unknown Product Configurator for WooCommerce CVE
HIGH 8.1 CVE-2026-10750

Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allow...

Unknown Royal MCP CVE
HIGH 8.8 CVE-2026-13228

LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ...

latepoint LatePoint – Calendar Booking Plugin for Appointments and Events CVE
HIGH 7.2 CVE-2026-12142

NEX-Forms <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting via '_name[]' Array Parameter

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via '_name[]' Array Parameter...

webaways NEX-Forms – Ultimate Forms Plugin for WordPress CVE
HIGH 7.2 CVE-2026-50043

CVE-2026-50043

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulne...

Seiko Solutions Inc. SkyBridge MB-A100/MB-A110 all versions CVE
HIGH 8.7 CVE-2026-12577

DVP80ES3 Improperly Implemented Security Check for Standard vulnerability

DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability.

deltaww DVP80ES3 CVE
HIGH 7.5 CVE-2026-12576

DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability.

deltaww DVP80ES3 CVE
HIGH 7.5 CVE-2026-12575

DVP80ES3 Improper Resource Shutdown or Release Vulnerability

DVP80ES3 with Improper Resource Shutdown or Release vulnerability.

deltaww DVP80ES3 CVE
HIGH 8.8 CVE-2026-12224

Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including...

wedevs Dokan Pro CVE