Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-48876

WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48876

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers

Web Guy Stop Spammers n/a CVE
HIGH 8.5 CVE-2026-48874

WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability_CVE-2026-48874

Subscriber SQL Injection in GamiPress

Ruben Garcia GamiPress n/a CVE
HIGH 7.5 CVE-2026-48873

WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability_CVE-2026-48873

Unauthenticated Broken Access Control in Montonio for WooCommerce

Montonio Montonio for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-48872

WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability_CVE-2026-48872

Unauthenticated Sensitive Data Exposure in EmbedPress

WPDeveloper EmbedPress n/a CVE
HIGH 7.1 CVE-2026-48871

WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48871

Unauthenticated Cross Site Scripting (XSS) in MW WP Form

Takashi Kitajima MW WP Form n/a CVE
HIGH 7.5 CVE-2026-48868

WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-48868

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart

mra13 / Team Tips and Tricks HQ Simple Shopping Cart n/a CVE
HIGH 7.1 CVE-2026-48867

WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48867

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master

ExpressTech Quiz And Survey Master n/a CVE
HIGH 7.1 CVE-2026-48838

WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48838

Unauthenticated Cross Site Scripting (XSS) in Post SMTP

WPExperts Post SMTP n/a CVE
HIGH 7.5 CVE-2026-48835

WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability_CVE-2026-48835

Unauthenticated Broken Access Control in Contact Form by WPForms

Awesomemotive Contact Form by WPForms n/a CVE
HIGH 7.5 CVE-2026-48708

OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination_CVE-2026-48708

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared t...

OliveTin OliveTin < 3000.13.0 CVE