Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-39513

WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability_CVE-2026-39513

Unauthenticated Broken Access Control in Easy Appointments

Easy Appointments Easy Appointments n/a CVE
HIGH 7.1 CVE-2026-39507

WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39507

Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed

Themeisle Social Slider Feed n/a CVE
HIGH 7.5 CVE-2026-39503

WordPress Easy Digital Downloads plugin <= 3.6.5 - Broken Access Control vulnerability_CVE-2026-39503

Unauthenticated Broken Access Control in Easy Digital Downloads

Awesomemotive Easy Digital Downloads n/a CVE
HIGH 7.2 CVE-2026-39499

WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability_CVE-2026-39499

Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce

Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce n/a CVE
HIGH 7.2 CVE-2026-39498

WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability_CVE-2026-39498

Shop manager PHP Object Injection in YayMail

Yeeaddons YayMail n/a CVE
HIGH 7.2 CVE-2026-39481

WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability_CVE-2026-39481

Author PHP Object Injection in Modula Image Gallery

WP Chill Modula Image Gallery n/a CVE
HIGH 7.5 CVE-2026-39480

WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability_CVE-2026-39480

Unauthenticated Sensitive Data Exposure in Backup Migration

Inisev Backup Migration n/a CVE
HIGH 8.8 CVE-2026-39478

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability_CVE-2026-39478

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall

Eli Scheetz Anti-Malware Security and Brute-Force Firewall n/a CVE
HIGH 8.8 CVE-2026-39474

WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability_CVE-2026-39474

Contributor PHP Object Injection in Post Duplicator

metaphorcreations Post Duplicator n/a CVE
HIGH 7.2 CVE-2026-39472

WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability_CVE-2026-39472

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.

WP Overnight WooCommerce PDF Invoices & Packing Slips n/a CVE