Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.5 | CVE-2026-42667 | WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability; Unauthenticated Sensitive Data Exposure in Bookly | Bookly | Bookly | n/a | CVE |
| HIGH 7.5 | CVE-2026-42666 | WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in Salon booking system | Dimitri Grassi | Salon booking system | n/a | CVE |
| HIGH 8.2 | CVE-2026-42664 | WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search | Motive Commerce Search | AI Product Search for WooCommerce – Motive Commerce Search | n/a | CVE |
| HIGH 8.8 | CVE-2026-42661 | WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability; Custom role Path Traversal in WP Customer Area | aguilatechnologies | WP Customer Area | n/a | CVE |
| HIGH 7.1 | CVE-2026-42658 | WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability; Unauthenticated Cross Site Scripting (XSS) in Classified Listing | Mamunur Rashid | Classified Listing | n/a | CVE |
| HIGH 7.5 | CVE-2026-42655 | WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability; Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP | WPManageNinja | Best Payments Plugin for WP | n/a | CVE |
| HIGH 7.2 | CVE-2026-42650 | WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability; Unauthenticated Cross Site Scripting (XSS) in AutomatorWP | Ruben Garcia | AutomatorWP | n/a | CVE |
| HIGH 7.1 | CVE-2026-42649 | WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability; Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator | Archetyped | Favicon Rotator | n/a | CVE |
| HIGH 8.1 | CVE-2026-42411 | WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability; Unauthenticated Broken Authentication in CloudSecure WP Security | XServer | CloudSecure WP Security | n/a | CVE |
| HIGH 7.5 | CVE-2026-42384 | WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability; Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions. | NSquared | Simply Schedule Appointments | n/a | CVE |