Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-56037

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability_CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a throu...

Themify Themify Popup n/a CVE
HIGH 7.7 CVE-2026-58652

luci-app-travelmate – Arbitrary Command Execution via UCI Script Parameter_CVE-2026-58652

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL...

openwrt luci-app-travelmate 2.4.5-r3 CVE
HIGH 8.8 CVE-2026-57766

WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57766

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor

XplodedThemes WPIDE – File Manager & Code Editor n/a CVE
HIGH 8.5 CVE-2026-57765

WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability_CVE-2026-57765

Contributor SQL Injection in WP EasyCart

Levelfourdevelopment WP EasyCart n/a CVE
HIGH 7.1 CVE-2026-57761

WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability_CVE-2026-57761

Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP

BlueAstralThemes SEOWP n/a CVE
HIGH 8.8 CVE-2026-57759

WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability_CVE-2026-57759

Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid

Metagauss ProfileGrid n/a CVE
HIGH 7.1 CVE-2026-57758

WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability_CVE-2026-57758

Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce

BeRocket Permalink Manager for WooCommerce n/a CVE
HIGH 7.1 CVE-2026-57757

WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57757

Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup

ploudapp pCloud WP Backup n/a CVE
HIGH 8.5 CVE-2026-57756

WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability_CVE-2026-57756

Contributor SQL Injection in nicen-localize-image

友人a丶 nicen-localize-image n/a CVE
HIGH 8.5 CVE-2026-57752

WordPress iNET Webkit plugin 1.2.4 – SQL Injection vulnerability_CVE-2026-57752

Contributor SQL Injection in iNET Webkit 1.2.4 versions.

iNET iNET Webkit 1.2.4 CVE