Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| HIGH 7.5 | CVE-2026-49061 | WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability / Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce | WPClever | WPC Product Options for WooCommerce | n/a | CVE |
| HIGH 7.5 | CVE-2026-49056 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability / Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | WebToffee | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | n/a | CVE |
| HIGH 7.1 | CVE-2026-49055 | WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability / Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 | Glen Don Mongaya | Drag and Drop Multiple File Upload – Contact Form 7 | n/a | CVE |
| MEDIUM 4.7 | CVE-2026-49043 | WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability / Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite | WP Engine | WP Migrate Lite | n/a | CVE |
| HIGH 8.1 | CVE-2026-48970 | WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability / Unauthenticated Broken Authentication in Really Simple SSL | Really Simple Plugins | Really Simple SSL | n/a | CVE |
| HIGH 7.1 | CVE-2026-48966 | WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability / Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit | FunnelKit | Funnel Builder by FunnelKit | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-48965 | WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability / Subscriber Sensitive Data Exposure in XCloner | watchful | XCloner | n/a | CVE |
| HIGH 8.5 | CVE-2026-48964 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability / Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System | ELEXtensions | ELEX WordPress HelpDesk & Customer Ticketing System | n/a | CVE |
| HIGH 8.8 | CVE-2026-48889 | WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability / Subscriber Privilege Escalation in Amelia | TMS | Amelia | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-48887 | WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability / Unauthenticated Broken Access Control in JS Help Desk | Ahmad | JS Help Desk | n/a | CVE |