Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-54198

WordPress Media Library Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant

David Lingren Media Library Assistant n/a CVE
MEDIUM 6.5 CVE-2026-54197

WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in GetGenie

Wpmet GetGenie n/a CVE
HIGH 7.1 CVE-2026-54191

WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Pods

Pods Framework Pods n/a CVE
MEDIUM 6.5 CVE-2026-54190

WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Envira Photo Gallery

Awesomemotive Envira Photo Gallery n/a CVE
CRITICAL 9.3 CVE-2026-52715

WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in GEO my WordPress

Eyal Fitoussi GEO my WordPress n/a CVE
HIGH 7.5 CVE-2026-52714

WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO

SEO Squirrly SEO Plugin by Squirrly SEO n/a CVE
HIGH 7.6 CVE-2026-52712

WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

Subscriber SQL Injection in Attendance Manager

tnomi Attendance Manager n/a CVE
HIGH 7.5 CVE-2026-52711

WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce POS

kilbot WooCommerce POS n/a CVE
CRITICAL 9.9 CVE-2026-49774

WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects...

Filipe Nasc RD Station n/a CVE
CRITICAL 9.3 CVE-2026-49772

WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar al...

Liquid Web / StellarWP The Events Calendar 6.15.12 CVE