Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-56048

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-56048

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce

tychesoftwares Payment Gateway Based Fees and Discounts for WooCommerce n/a CVE
MEDIUM 6.5 CVE-2026-56046

WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56046

Subscriber Cross Site Scripting (XSS) in ListingPro

CridioStudio ListingPro n/a CVE
MEDIUM 6.4 CVE-2026-56026

WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-56026

Subscriber Server Side Request Forgery (SSRF) in utm.codes

Chris Carlevato utm.codes n/a CVE
MEDIUM 6.5 CVE-2026-52701

WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability_CVE-2026-52701

Unauthenticated Broken Access Control in User Registration

Themegrill User Registration n/a CVE
MEDIUM 6.5 CVE-2026-4339

SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server_CVE-2026-4339

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
MEDIUM 5.5 CVE-2026-45256

Missing permission check in thr_kill2(2)_CVE-2026-45256

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not ...

FreeBSD FreeBSD 15.0-RELEASE CVE
MEDIUM 6.5 CVE-2026-30040

CVE-2026-30040_CVE-2026-30040

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the...

n/a n/a n/a CVE
MEDIUM 5.3 CVE-2026-24547

WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability_CVE-2026-24547

Unauthenticated Broken Access Control in SiteGround Email Marketing

SiteGround SiteGround Email Marketing n/a CVE
MEDIUM 6.5 CVE-2025-68075

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68075

Contributor Cross Site Scripting (XSS) in BNE Testimonials

Kerry BNE Testimonials n/a CVE
MEDIUM 6.5 CVE-2025-68074

WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability_CVE-2025-68074

Contributor Cross Site Scripting (XSS) in Image Carousel

GhozyLab Image Carousel n/a CVE