Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2025-58902

WordPress Lighthouse theme <= 1.2.12 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Lighthouse

AncoraThemes Lighthouse n/a CVE
HIGH 7.5 CVE-2026-9563

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of chara...

Eclipse Foundation Eclipse Parsson 1.0.0 CVE
HIGH 8.1 CVE-2026-8147

Authorization Bypass in mlflow/mlflow

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This al...

mlflow mlflow/mlflow unspecified CVE
HIGH 7.2 CVE-2026-9834

WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versi...

databasebackup WP Database Backup – Unlimited Database & Files Backup by Backup for WP CVE
HIGH 7.5 CVE-2026-8441

WP Review Slider Pro <= 12.7.2 - Unauthenticated SQL Injection via 'notinstring' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action...

https://wpreviewslider.com/ WP Review Slider Pro CVE
HIGH 8.2 CVE-2026-14336

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith(' https://ci.eclipse.org ') in is_issuer_known, p...

Eclipse Foundation Eclipse CSI - PIA CVE
HIGH 7.5 CVE-2026-13369

Ninja Forms – File Uploads <= 3.3.29 - Unauthenticated Arbitrary File Read via File Upload Field 'files[].data.file_path' Parameter

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attach_files() function in versions up to, and inc...

SaturdayDrive Ninja Forms - File Uploads CVE
HIGH 7.5 CVE-2026-13251

Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This m...

perfmatters Perfmatters CVE
HIGH 8.1 CVE-2026-5821

Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficien...

elemntor Image Optimizer – Optimize Images and Convert to WebP or AVIF CVE
HIGH 7.5 CVE-2026-14249

Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX actio...

emarket-design Request a Quote – Quote Forms for Any WordPress Site CVE