Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-45436

WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability_CVE-2026-45436

Subscriber Broken Access Control in WPBakery Page Builder

Rain-Task Ltd. WPBakery Page Builder n/a CVE
MEDIUM 6.5 CVE-2026-40724

WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability_CVE-2026-40724

CP Client Arbitrary File Download in Client Portal (Pro)

Client Portal Ltd. Client Portal (Pro) n/a CVE
MEDIUM 4.3 CVE-2026-40723

WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability_CVE-2026-40723

Subscriber Broken Access Control in Bricks Builder

Bricks Bricks Builder n/a CVE
MEDIUM 4.7 CVE-2026-39595

WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability_CVE-2026-39595

Author Broken Access Control in W3 Total Cache

BoldGrid W3 Total Cache n/a CVE
MEDIUM 6.5 CVE-2026-27410

WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability_CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.

VeronaLabs Slimstat Analytics n/a CVE
MEDIUM 4.3 CVE-2026-24610

WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability_CVE-2026-24610

Subscriber Broken Access Control in MetForm Pro

WPMet MetForm Pro n/a CVE
MEDIUM 4.3 CVE-2026-24575

WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability_CVE-2026-24575

Subscriber Broken Access Control in WishList Member X

WishList Member WishList Member X n/a CVE
MEDIUM 4.8 CVE-2026-12491

Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations_CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image meta...

Red Hat Red Hat AI Inference Server CVE
MEDIUM 5.5 CVE-2026-40722

WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability_CVE-2026-40722

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This is...

Yoast BV Yoast SEO Premium n/a CVE
MEDIUM 4.8 CVE-2026-27870

CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT_CVE-2026-27870

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the ...

Teldat Regesta Smart HD-PLC - TLDPH16D2 11.02.05.10.02 CVE