Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-49778

WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49778

Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro

WPFunnels WPFunnels Pro n/a CVE
HIGH 8.2 CVE-2026-49081

WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability_CVE-2026-49081

Unauthenticated Broken Access Control in User Registration Stripe

ThemeGrill User Registration Stripe n/a CVE
HIGH 7.1 CVE-2026-49074

WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49074

Unauthenticated Cross Site Scripting (XSS) in JetEngine

Jetimpex Inc. JetEngine n/a CVE
HIGH 8.5 CVE-2026-48967

WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability_CVE-2026-48967

Subscriber SQL Injection in Geo Mashup

Dylan Kuhn Geo Mashup n/a CVE
HIGH 8.8 CVE-2026-42629

WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability_CVE-2026-42629

Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.

Powerpackelements PowerPack Pro for Elementor n/a CVE
HIGH 7.1 CVE-2026-42385

WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42385

Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro

Cozmoslabs Profile Builder Pro n/a CVE
HIGH 7.1 CVE-2026-41557

WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-41557

Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.

PressLayouts Kapee n/a CVE
HIGH 7.3 CVE-2026-40768

WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-40768

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system

Dimitri Grassi Salon booking system n/a CVE
HIGH 7.1 CVE-2026-40765

WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40765

Unauthenticated Cross Site Scripting (XSS) in collectchat

collectchat collectchat n/a CVE
HIGH 8.1 CVE-2026-40753

WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability_CVE-2026-40753

Unauthenticated PHP Object Injection in EasyMeals

Mikado-Themes EasyMeals n/a CVE