Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-27407

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability_CVE-2026-27407

Editor Privilege Escalation in AI Engine

Meow Apps AI Engine n/a CVE
HIGH 8.1 CVE-2026-27333

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability_CVE-2026-27333

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site

VideoWhisper.com Paid Videochat Turnkey Site n/a CVE
HIGH 7.5 CVE-2026-27089

WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability_CVE-2026-27089

Unauthenticated Bypass Vulnerability in WpTravelly

Magepeople inc. WpTravelly n/a CVE
HIGH 7.5 CVE-2026-25425

WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability_CVE-2026-25425

Unauthenticated Broken Access Control in User Registration

ThemeGrill User Registration n/a CVE
HIGH 8.5 CVE-2026-24637

WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability_CVE-2026-24637

Contributor SQL Injection in PowerPress Podcasting

Blubrry Podcasting PowerPress Podcasting n/a CVE
HIGH 7.1 CVE-2026-23970

WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-23970

Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7

Themeisle Redirection for Contact Form 7 n/a CVE
HIGH 7.1 CVE-2025-68872

WordPress Eli’s WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68872

Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics

Eli Eli's WordCents adSense Widget with Analytics n/a CVE
HIGH 7.1 CVE-2025-68851

WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68851

Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit

ArrayHQ Okay Toolkit n/a CVE
HIGH 7.1 CVE-2025-68840

WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68840

Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO

markbeljaars iRobots.txt SEO n/a CVE
HIGH 7.5 CVE-2025-59133

WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability_CVE-2025-59133

Custom role Insecure Direct Object References (IDOR) in Projectopia

Projectopia Projectopia n/a CVE