Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-42384

WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability_CVE-2026-42384

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

NSquared Simply Schedule Appointments n/a CVE
HIGH 7.1 CVE-2026-40791

WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40791

Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form

codepeople WP Time Slots Booking Form n/a CVE
HIGH 7.5 CVE-2026-40789

WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability_CVE-2026-40789

Unauthenticated Sensitive Data Exposure in Amelia

TMS Amelia n/a CVE
HIGH 7.1 CVE-2026-40788

WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability_CVE-2026-40788

Subscriber Broken Access Control in ChatBot

QuantumCloud ChatBot n/a CVE
HIGH 7.1 CVE-2026-40787

WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40787

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master

ExpressTech Quiz And Survey Master n/a CVE
HIGH 7.1 CVE-2026-40785

WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability_CVE-2026-40785

Subscriber Broken Authentication in AutomatorWP

Ruben Garcia AutomatorWP n/a CVE
HIGH 7.5 CVE-2026-40781

WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability_CVE-2026-40781

Unauthenticated Broken Authentication in ReviewX

ReviewX ReviewX n/a CVE
HIGH 7.7 CVE-2026-40779

WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability_CVE-2026-40779

Contributor Arbitrary File Deletion in Link Library

Yannick Lefebvre Link Library n/a CVE
HIGH 7.5 CVE-2026-40776

WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability_CVE-2026-40776

Unauthenticated Broken Access Control in WP Event SOlution

Arraytics WP Event SOlution n/a CVE
HIGH 7.3 CVE-2026-40775

WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability_CVE-2026-40775

Unauthenticated Broken Access Control in Royal MCP

Royal Plugins Royal MCP n/a CVE