Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-39449

WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39449

Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API

IT Path Solutions Contact Form to Any API n/a CVE
HIGH 7.1 CVE-2026-39447

WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39447

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments

NSquared Simply Schedule Appointments n/a CVE
HIGH 7.1 CVE-2026-39435

WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39435

Unauthenticated Cross Site Scripting (XSS) in CformsII

bgermann CformsII n/a CVE
HIGH 7.2 CVE-2026-39434

WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability_CVE-2026-39434

Shop manager PHP Object Injection in CTX Feed

WebAppick CTX Feed n/a CVE
HIGH 7.1 CVE-2026-34902

WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-34902

Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite

WC Product Table WooCommerce Product Table Lite n/a CVE
HIGH 7.1 CVE-2026-34900

WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-34900

Unauthenticated Cross Site Scripting (XSS) in GiveWP

Liquid Web / StellarWP GiveWP n/a CVE
HIGH 7.5 CVE-2026-34898

WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability_CVE-2026-34898

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce

WP Swings Event Tickets Manager for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-34891

WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability_CVE-2026-34891

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce

IDPay IDPay Payment Gateway for Woocommerce n/a CVE
HIGH 7.5 CVE-2026-34886

WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability_CVE-2026-34886

Unauthenticated Broken Access Control in Simple Membership

wp.insider Simple Membership n/a CVE
HIGH 7.2 CVE-2026-27407

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability_CVE-2026-27407

Editor Privilege Escalation in AI Engine

Meow Apps AI Engine n/a CVE