Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-39584

WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability_CVE-2026-39584

Subscriber Broken Access Control in RepairBuddy

Webful Creations RepairBuddy n/a CVE
MEDIUM 6.5 CVE-2026-39540

WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39540

Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce

Amit Mittal Shipment Tracker for Woocommerce n/a CVE
MEDIUM 5.4 CVE-2026-39527

WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability_CVE-2026-39527

Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.

sc Internet Vivoo WpStream n/a CVE
MEDIUM 6.5 CVE-2026-39525

WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability_CVE-2026-39525

Unauthenticated Broken Access Control in Booking Activities

Booking Activities Team Booking Activities n/a CVE
MEDIUM 6.5 CVE-2026-39515

WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability_CVE-2026-39515

Subscriber Broken Access Control in Motors < 1.4.107 versions.

StylemixThemes Motors n/a CVE
MEDIUM 6.5 CVE-2026-39491

WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39491

Subscriber Cross Site Scripting (XSS) in JupiterX Core

artbees JupiterX Core n/a CVE
MEDIUM 4.4 CVE-2026-39489

WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability_CVE-2026-39489

Author Arbitrary File Download in Download Monitor

WP Chill Download Monitor n/a CVE
MEDIUM 6.8 CVE-2026-39468

WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability_CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework

eLightUp Meta Box – WordPress Custom Fields Framework n/a CVE
MEDIUM 6.3 CVE-2026-39451

WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39451

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider

jgwhite33 WP Google Review Slider n/a CVE
MEDIUM 6.5 CVE-2026-34892

WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability_CVE-2026-34892

Subscriber Broken Access Control in Rank Math SEO

Rank Math SEO Rank Math SEO n/a CVE