Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.3 CVE-2026-49063

WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability_CVE-2026-49063

Unauthenticated Privilege Escalation in Listdom

Webilia Inc. Listdom n/a CVE
HIGH 7.5 CVE-2026-49061

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability_CVE-2026-49061

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce

WPClever WPC Product Options for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-49056

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability_CVE-2026-49056

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels n/a CVE
HIGH 7.1 CVE-2026-49055

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49055

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7

Glen Don Mongaya Drag and Drop Multiple File Upload – Contact Form 7 n/a CVE
HIGH 8.1 CVE-2026-48970

WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability_CVE-2026-48970

Unauthenticated Broken Authentication in Really Simple SSL

Really Simple Plugins Really Simple SSL n/a CVE
HIGH 7.1 CVE-2026-48966

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48966

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit

FunnelKit Funnel Builder by FunnelKit n/a CVE
HIGH 8.5 CVE-2026-48964

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability_CVE-2026-48964

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System

ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System n/a CVE
HIGH 8.8 CVE-2026-48889

WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability_CVE-2026-48889

Subscriber Privilege Escalation in Amelia

TMS Amelia n/a CVE
HIGH 7.1 CVE-2026-48885

WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48885

Unauthenticated Cross Site Scripting (XSS) in HollerBox

Groundhogg HollerBox n/a CVE
HIGH 7.5 CVE-2026-48883

WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability_CVE-2026-48883

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce

WPClever WPC Product Bundles for WooCommerce n/a CVE