Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2026-54804

WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability_CVE-2026-54804

Subscriber Broken Authentication in Melhor Envio

melhorenvio Melhor Envio n/a CVE
HIGH 7.5 CVE-2026-54802

WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability_CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications

Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications n/a CVE
HIGH 7.1 CVE-2026-54195

WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54195

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder

Jetmonsters JetFormBuilder n/a CVE
HIGH 7.1 CVE-2026-54192

WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-54192

Unauthenticated Cross Site Scripting (XSS) in Popup box

Ays Pro Popup box n/a CVE
HIGH 7.1 CVE-2026-54189

WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54189

Unauthenticated Cross Site Scripting (XSS) in JetEngine

Jetimpex Inc. JetEngine n/a CVE
HIGH 7.1 CVE-2026-54188

WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54188

Unauthenticated Cross Site Scripting (XSS) in JetEngine

Jetimpex Inc. JetEngine n/a CVE
HIGH 8.5 CVE-2026-54185

WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability_CVE-2026-54185

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

THEMECO Cornerstone n/a CVE
HIGH 8.2 CVE-2026-54184

WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-54184

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login

Alberto Hornero Clean Login n/a CVE
HIGH 7.4 CVE-2026-52698

WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability_CVE-2026-52698

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget

Syed Balkhi PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget n/a CVE
HIGH 7.5 CVE-2026-52696

WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability_CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog

Jetimpex Inc. JetBlog n/a CVE