Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.8 CVE-2026-57323

WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability_CVE-2026-57323

Unauthenticated Broken Access Control in Flash & HTML5 Video

bPlugins Flash & HTML5 Video n/a CVE
MEDIUM 6.5 CVE-2026-57318

WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability_CVE-2026-57318

Subscriber Sensitive Data Exposure in Site Reviews

Gemini Labs Site Reviews n/a CVE
MEDIUM 6.5 CVE-2026-57316

WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability_CVE-2026-57316

Subscriber Sensitive Data Exposure in GetGenie

Roxnor GetGenie n/a CVE
MEDIUM 6.5 CVE-2026-57313

WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57313

Subscriber Cross Site Scripting (XSS) in SureCart

SureCart SureCart n/a CVE
MEDIUM 5.8 CVE-2026-56066

WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability_CVE-2026-56066

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images

ShortPixel ShortPixel Adaptive Images n/a CVE
MEDIUM 6.5 CVE-2026-56048

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-56048

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce

tychesoftwares Payment Gateway Based Fees and Discounts for WooCommerce n/a CVE
MEDIUM 6.5 CVE-2026-56046

WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56046

Subscriber Cross Site Scripting (XSS) in ListingPro

CridioStudio ListingPro n/a CVE
MEDIUM 6.4 CVE-2026-56026

WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-56026

Subscriber Server Side Request Forgery (SSRF) in utm.codes

Chris Carlevato utm.codes n/a CVE
MEDIUM 6.5 CVE-2026-52701

WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability_CVE-2026-52701

Unauthenticated Broken Access Control in User Registration

Themegrill User Registration n/a CVE
MEDIUM 6.5 CVE-2026-4339

SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE