Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-57347

WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability_CVE-2026-57347

Subscriber Sensitive Data Exposure in Hotel Booking Lite

jetmonsters Hotel Booking Lite n/a CVE
MEDIUM 6.5 CVE-2026-57342

WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57342

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images

ShortPixel ShortPixel Adaptive Images n/a CVE
MEDIUM 6.5 CVE-2026-49779

WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability_CVE-2026-49779

Customer Path Traversal in Tax Exempt for WooCommerce

Addify Tax Exempt for WooCommerce n/a CVE
MEDIUM 6.5 CVE-2026-27433

WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability_CVE-2026-27433

Unauthenticated Broken Access Control in Motors

StylemixThemes Motors n/a CVE
MEDIUM 6.5 CVE-2025-69132

WordPress Corpkit theme <= 1.0.5 - Sensitive Data Exposure vulnerability_CVE-2025-69132

Subscriber Sensitive Data Exposure in Corpkit

Zozothemes Corpkit n/a CVE
MEDIUM 5.3 CVE-2025-66076

WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability_CVE-2025-66076

Unauthenticated Broken Access Control in Woostify Sites Library

dylan ngo Woostify Sites Library n/a CVE
MEDIUM 5.3 CVE-2026-9188

Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.7.6 - Unauthenticated Insecure Direct Object Reference via Predictable 'edit_key' / 'appointmentkey' Parameter_CVE-2026-9188

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all ...

wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment CVE
MEDIUM 6.5 CVE-2026-9145

Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload via Elementor Pro Form Upload Field 'raw_value'_CVE-2026-9145

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() funct...

crmperks Database for Contact Form 7, WPforms, Elementor forms CVE
MEDIUM 4.3 CVE-2026-8482

Information leak in NSRPC client history_CVE-2026-8482

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included) ...

Stormshield Stormshield Network Security 4.3.0 CVE
MEDIUM 6.5 CVE-2026-14029

Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter_CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter ...

trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation CVE