Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.4 | CVE-2026-52698 | WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability / Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget | Syed Balkhi | PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget | n/a | CVE |
| HIGH 7.5 | CVE-2026-52696 | WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability / Unauthenticated Sensitive Data Exposure in JetBlog | Jetimpex Inc. | JetBlog | n/a | CVE |
| HIGH 7.1 | CVE-2026-49778 | WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability / Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro | WPFunnels | WPFunnels Pro | n/a | CVE |
| HIGH 8.2 | CVE-2026-49081 | WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability / Unauthenticated Broken Access Control in User Registration Stripe | ThemeGrill | User Registration Stripe | n/a | CVE |
| HIGH 7.1 | CVE-2026-49074 | WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability / Unauthenticated Cross Site Scripting (XSS) in JetEngine | Jetimpex Inc. | JetEngine | n/a | CVE |
| HIGH 8.5 | CVE-2026-48967 | WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability / Subscriber SQL Injection in Geo Mashup | Dylan Kuhn | Geo Mashup | n/a | CVE |
| HIGH 8.8 | CVE-2026-42629 | WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability / Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions. | Powerpackelements | PowerPack Pro for Elementor | n/a | CVE |
| HIGH 7.1 | CVE-2026-42385 | WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability / Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro | Cozmoslabs | Profile Builder Pro | n/a | CVE |
| HIGH 7.1 | CVE-2026-41557 | WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability / Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions. | PressLayouts | Kapee | n/a | CVE |
| HIGH 7.3 | CVE-2026-40768 | WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability / Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system | Dimitri Grassi | Salon booking system | n/a | CVE |