Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 193F61B6-AFAB-

Exploit for External Control of File Name or Path in Microsoft_193F61B6-AFAB-5066-A82C-03D8AA8216BB

CVE-2025-24054 — Detection & Mitigation Lab Project log for a defensive security lab on CVE-2025-24054, the Windows New Technology LAN Manager NTLM...

N/A N/A GITHUBEXPLOIT
MEDIUM 5.3 CVE-2026-27435

WordPress Woffice theme < 5.4.33 - Broken Access Control vulnerability_CVE-2026-27435

Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec...

WofficeIO Woffice n/a CVE
MEDIUM 6.5 CVE-2026-13454

MotoPress Appointment Booking <= 2.4.5 - Authenticated (Staff+) SQL Injection via 's' Parameter_CVE-2026-13454

The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and incl...

jetmonsters MotoPress Appointment Booking CVE
MEDIUM 6.1 CVE-2026-12754

VikBooking Hotel Booking Engine & PMS <= 1.8.12 - Reflected Cross-Site Scripting via 'layoutstyle' Parameter_CVE-2026-12754

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'layoutstyle' parameter in a...

e4jvikwp VikBooking Hotel Booking Engine & PMS CVE
MEDIUM 6.4 CVE-2026-13733

Download Manager <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute_CVE-2026-13733

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'no_data_msg' Shortcode Attribute in all versions up to,...

codename065 Download Manager CVE
MEDIUM 6.4 CVE-2026-12732

LearnPress <= 4.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_wrapper_form' Shortcode Attribute_CVE-2026-12732

The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_wrapper_form' shortcode attribute in versions up to...

thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses CVE
MEDIUM 4.3 CVE-2026-12435

Motors <= 1.4.111 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Modification via 'stm_mark_as_sold_car' Parameter_CVE-2026-12435

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and incl...

stylemix Motors – Car Dealership & Classified Listings Plugin CVE
MEDIUM 4.3 CVE-2026-12408

Slim SEO <= 4.9.8 - Authenticated (Contributor+) Insufficient Authorization to Private Content Disclosure via 'object.ID' Parameter_CVE-2026-12408

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all ver...

rilwis Slim SEO – A Fast & Automated SEO Plugin For WordPress CVE
MEDIUM 5.6 CVE-2026-10540

Weak password hash protection in Control-M/Enterprise Manager_CVE-2026-10540

The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attac...

BMC Control-M/Enterprise Manager 9.0.21 CVE
MEDIUM 4.3 CVE-2026-10096

Qi Blocks <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification via 'page_id' Parameter_CVE-2026-10096

The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page_id' ...

qodeinteractive Qi Blocks CVE