Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-48873

WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability_CVE-2026-48873

Unauthenticated Broken Access Control in Montonio for WooCommerce

Montonio Montonio for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-48872

WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability_CVE-2026-48872

Unauthenticated Sensitive Data Exposure in EmbedPress

WPDeveloper EmbedPress n/a CVE
HIGH 7.1 CVE-2026-48871

WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48871

Unauthenticated Cross Site Scripting (XSS) in MW WP Form

Takashi Kitajima MW WP Form n/a CVE
HIGH 7.5 CVE-2026-48868

WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-48868

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart

mra13 / Team Tips and Tricks HQ Simple Shopping Cart n/a CVE
HIGH 7.1 CVE-2026-48867

WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48867

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master

ExpressTech Quiz And Survey Master n/a CVE
HIGH 7.1 CVE-2026-48838

WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48838

Unauthenticated Cross Site Scripting (XSS) in Post SMTP

WPExperts Post SMTP n/a CVE
HIGH 7.5 CVE-2026-48835

WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability_CVE-2026-48835

Unauthenticated Broken Access Control in Contact Form by WPForms

Awesomemotive Contact Form by WPForms n/a CVE
HIGH 7.5 CVE-2026-48708

OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination_CVE-2026-48708

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared t...

OliveTin OliveTin < 3000.13.0 CVE
HIGH 8.5 CVE-2026-48124

Cursor Desktop sandbox escape via Claude hook configuration_CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook c...

cursor cursor < 3.0.0 CVE
HIGH 8.6 CVE-2026-47825

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations_CVE-2026-47825

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affe...

Spring Spring Cloud Gateway 3.1.0 CVE