Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-49112

WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability_CVE-2026-49112

Unauthenticated Path Traversal in Shared Files

Tammersoft Shared Files n/a CVE
HIGH 7.5 CVE-2026-49110

WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability_CVE-2026-49110

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce

WP Swings Upsell Order Bump Offer for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-49083

WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability_CVE-2026-49083

Contributor Privilege Escalation in LatePoint

LatePoint LatePoint n/a CVE
HIGH 7.4 CVE-2026-49082

WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability_CVE-2026-49082

Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons

Chatway Live Chat Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons n/a CVE
HIGH 7.5 CVE-2026-49078

WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability_CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine

WP Travel Engine WP Travel Engine n/a CVE
HIGH 7.5 CVE-2026-49070

WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability_CVE-2026-49070

Unauthenticated Broken Access Control in Knit Pay

Knit Pay Knit Pay n/a CVE
HIGH 7.5 CVE-2026-49068

WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability_CVE-2026-49068

Subscriber Sensitive Data Exposure in Coupon Affiliates

RelyWP Coupon Affiliates n/a CVE
HIGH 7.5 CVE-2026-49066

WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability_CVE-2026-49066

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway

Conekta Group Conekta Payment Gateway n/a CVE
HIGH 8.2 CVE-2026-49065

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability_CVE-2026-49065

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce

hippooo Hippoo Mobile App for WooCommerce n/a CVE
HIGH 7.3 CVE-2026-49063

WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability_CVE-2026-49063

Unauthenticated Privilege Escalation in Listdom

Webilia Inc. Listdom n/a CVE