Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-42667

WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability_CVE-2026-42667

Unauthenticated Sensitive Data Exposure in Bookly

Bookly Bookly n/a CVE
HIGH 7.5 CVE-2026-42666

WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability_CVE-2026-42666

Unauthenticated Broken Access Control in Salon booking system

Dimitri Grassi Salon booking system n/a CVE
CRITICAL 9.3 CVE-2026-42665

WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability_CVE-2026-42665

Unauthenticated SQL Injection in WP Data Access

Passionate Programmer Peter WP Data Access n/a CVE
HIGH 8.2 CVE-2026-42664

WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability_CVE-2026-42664

Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search

Motive Commerce Search AI Product Search for WooCommerce – Motive Commerce Search n/a CVE
MEDIUM 6.5 CVE-2026-42663

WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42663

Unauthenticated Cross Site Scripting (XSS) in Simple Membership

wp.insider Simple Membership n/a CVE
MEDIUM 6.5 CVE-2026-42662

WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability_CVE-2026-42662

Unauthenticated Bypass Vulnerability in Event Tickets

Liquid Web / StellarWP Event Tickets n/a CVE
HIGH 8.8 CVE-2026-42661

WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability_CVE-2026-42661

Custom role Path Traversal in WP Customer Area

aguilatechnologies WP Customer Area n/a CVE
MEDIUM 6.5 CVE-2026-42660

WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability_CVE-2026-42660

Subscriber Sensitive Data Exposure in Contest Gallery

Wasiliy Strecker Contest Gallery n/a CVE
MEDIUM 6.5 CVE-2026-42659

WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerability_CVE-2026-42659

Subscriber Broken Access Control in Advanced Form Integration

Nasir Ahmed Advanced Form Integration n/a CVE
HIGH 7.1 CVE-2026-42658

WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42658

Unauthenticated Cross Site Scripting (XSS) in Classified Listing

Mamunur Rashid Classified Listing n/a CVE