Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-34898

WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability_CVE-2026-34898

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce

WP Swings Event Tickets Manager for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-34891

WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability_CVE-2026-34891

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce

IDPay IDPay Payment Gateway for Woocommerce n/a CVE
HIGH 7.5 CVE-2026-34886

WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability_CVE-2026-34886

Unauthenticated Broken Access Control in Simple Membership

wp.insider Simple Membership n/a CVE
HIGH 7.2 CVE-2026-27407

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability_CVE-2026-27407

Editor Privilege Escalation in AI Engine

Meow Apps AI Engine n/a CVE
HIGH 8.1 CVE-2026-27333

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability_CVE-2026-27333

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site

VideoWhisper.com Paid Videochat Turnkey Site n/a CVE
HIGH 7.5 CVE-2026-27089

WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability_CVE-2026-27089

Unauthenticated Bypass Vulnerability in WpTravelly

Magepeople inc. WpTravelly n/a CVE
HIGH 7.5 CVE-2026-25425

WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability_CVE-2026-25425

Unauthenticated Broken Access Control in User Registration

ThemeGrill User Registration n/a CVE
HIGH 8.5 CVE-2026-24637

WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability_CVE-2026-24637

Contributor SQL Injection in PowerPress Podcasting

Blubrry Podcasting PowerPress Podcasting n/a CVE
HIGH 7.1 CVE-2026-23970

WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-23970

Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7

Themeisle Redirection for Contact Form 7 n/a CVE
HIGH 7.1 CVE-2025-68872

WordPress Eli’s WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68872

Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics

Eli Eli's WordCents adSense Widget with Analytics n/a CVE