Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-13733

Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute_CVE-2026-13733

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute in all versions up to,...

codename065 Download Manager CVE
MEDIUM 6.4 CVE-2026-12732

LearnPress <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_wrapper_form' Shortcode Attribute_CVE-2026-12732

The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_wrapper_form' shortcode attribute in versions up to...

thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses CVE
MEDIUM 4.3 CVE-2026-12435

Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter_CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and incl...

stylemix Motors – Car Dealership & Classified Listings Plugin CVE
MEDIUM 4.3 CVE-2026-12408

Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter_CVE-2026-12408

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all ver...

rilwis Slim SEO – A Fast & Automated SEO Plugin For WordPress CVE
MEDIUM 5.6 CVE-2026-10540

Weak password hash protection in Control-M/Enterprise Manager_CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attac...

BMC Control-M/Enterprise Manager 9.0.21 CVE
MEDIUM 4.3 CVE-2026-10096

Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter_CVE-2026-10096

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page_id' ...

qodeinteractive Qi Blocks CVE
MEDIUM 6.9 MS:CVE-2026-41992

Global Buffer Overflow in GNU gzip_MS:CVE-2026-41992

N/A N/A MSCVE
MEDIUM 6.5 CVE-2026-12110

Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'task_search' Parameter_CVE-2026-12110

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the '...

taskbuilder Taskbuilder – Project Management & Task Management Tool With Kanban Board CVE
MEDIUM 6.5 CVE-2026-12090

Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter_CVE-2026-12090

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the '...

taskbuilder Taskbuilder – Project Management & Task Management Tool With Kanban Board CVE
MEDIUM 6.5 CVE-2026-11988

LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter_CVE-2026-11988

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in ...

thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses CVE