Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-40776

WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability_CVE-2026-40776

Unauthenticated Broken Access Control in WP Event SOlution

Arraytics WP Event SOlution n/a CVE
HIGH 7.3 CVE-2026-40775

WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability_CVE-2026-40775

Unauthenticated Broken Access Control in Royal MCP

Royal Plugins Royal MCP n/a CVE
HIGH 7.5 CVE-2026-40774

WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability_CVE-2026-40774

Unauthenticated Broken Access Control in Booking Package

SaasProject Booking Package n/a CVE
HIGH 7.1 CVE-2026-40770

WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40770

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates

RelyWP Coupon Affiliates n/a CVE
HIGH 8.6 CVE-2026-40769

WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability_CVE-2026-40769

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field

Satinder Singh Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field n/a CVE
HIGH 7.5 CVE-2026-40767

WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability_CVE-2026-40767

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Tomdever wpForo Forum n/a CVE
HIGH 8.5 CVE-2026-40766

WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability_CVE-2026-40766

Subscriber SQL Injection in MasterStudy LMS

StylemixThemes MasterStudy LMS n/a CVE
HIGH 7.5 CVE-2026-40762

WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability_CVE-2026-40762

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

WPGraphQL WPGraphQL n/a CVE
HIGH 7.5 CVE-2026-40741

WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability_CVE-2026-40741

Unauthenticated Broken Access Control in Redsys for WooCommerce Light

Jose Conti Redsys for WooCommerce Light n/a CVE
HIGH 7.1 CVE-2026-40732

WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40732

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram

rainafarai Notification for Telegram n/a CVE