Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-39491

WordPress JupiterX Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39491

Subscriber Cross Site Scripting (XSS) in JupiterX Core

artbees JupiterX Core n/a CVE
MEDIUM 4.4 CVE-2026-39489

WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability_CVE-2026-39489

Author Arbitrary File Download in Download Monitor

WP Chill Download Monitor n/a CVE
MEDIUM 6.8 CVE-2026-39468

WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability_CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework

eLightUp Meta Box – WordPress Custom Fields Framework n/a CVE
MEDIUM 6.3 CVE-2026-39451

WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39451

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider

jgwhite33 WP Google Review Slider n/a CVE
MEDIUM 6.5 CVE-2026-34892

WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability_CVE-2026-34892

Subscriber Broken Access Control in Rank Math SEO

Rank Math SEO Rank Math SEO n/a CVE
MEDIUM 5.3 CVE-2026-25440

WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability_CVE-2026-25440

Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.

WPDeveloper Essential Addons for Elementor n/a CVE
MEDIUM 6.5 CVE-2025-69332

WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability_CVE-2025-69332

Subscriber Broken Access Control in Bookify

myCred Bookify n/a CVE
MEDIUM 6.3 CVE-2025-68049

WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability_CVE-2025-68049

Subscriber Broken Access Control in bunny.net

bunny.net bunny.net n/a CVE
MEDIUM 4.4 CVE-2025-60175

WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability_CVE-2025-60175

Administrator Server Side Request Forgery (SSRF) in PopAd

vynnus PopAd n/a CVE
MEDIUM 5.3 MS:CVE-2026-12015

Chromium: CVE-2026-12015 Use after free  Autofill_MS:CVE-2026-12015

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE