Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.1 | CVE-2026-40732 | WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability; Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram | rainafarai | Notification for Telegram | n/a | CVE |
| HIGH 7.7 | CVE-2026-40727 | WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability; Sales Representative Arbitrary File Deletion in Groundhogg | Groundhogg | Groundhogg | n/a | CVE |
| HIGH 8.1 | CVE-2026-39587 | WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability; Unauthenticated Privilege Escalation in WP BASE Booking | Hakan Ozevin | WP BASE Booking | n/a | CVE |
| HIGH 8.8 | CVE-2026-39579 | WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability; Contributor Privilege Escalation in B Blocks | bPlugins | B Blocks | n/a | CVE |
| HIGH 7.5 | CVE-2026-39534 | WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in WP Directory Kit | Wp Directory Kit | WP Directory Kit | n/a | CVE |
| HIGH 7.5 | CVE-2026-39533 | WordPress AWP Classifieds plugin <= 4.4.4 - Broken Access Control vulnerability; Unauthenticated Broken Access Control in AWP Classifieds | WPTasty | AWP Classifieds | n/a | CVE |
| HIGH 8.8 | CVE-2026-39532 | WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability; Contributor PHP Object Injection in Events Calendar for GeoDirectory | Stiofan | Events Calendar for GeoDirectory | 2.3.25 | CVE |
| HIGH 7.5 | CVE-2026-39524 | WordPress Masteriyo – LMS plugin <= 2.1.5 - Payment Bypass vulnerability; Unauthenticated Broken Access Control in Masteriyo - LMS | ThemeGrill | Masteriyo - LMS | n/a | CVE |
| HIGH 7.1 | CVE-2026-39518 | WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability; Subscriber Insecure Direct Object References (IDOR) in EventPrime | EventPrime | EventPrime | n/a | CVE |
| HIGH 7.1 | CVE-2026-39514 | WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability; Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions | Cozmoslabs | Paid Member Subscriptions | n/a | CVE |