Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| MEDIUM 4.3 | CVE-2026-57690 | WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability; Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt | Fuelthemes | Werkstatt | n/a | CVE |
| MEDIUM 4.3 | CVE-2026-57689 | WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability; Subscriber Broken Access Control in Werkstatt | Fuelthemes | Werkstatt | n/a | CVE |
| MEDIUM 4.3 | CVE-2026-57685 | WordPress Martfury – WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability; Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme | drfuri | Martfury - WooCommerce Marketplace WordPress Theme | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57684 | WordPress TheFox theme <= 3.9.70 - Cross Site Scripting (XSS) vulnerability; Contributor Cross Site Scripting (XSS) in TheFox | tranmautritam | TheFox | n/a | CVE |
| MEDIUM 6.4 | CVE-2026-57681 | WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability; Subscriber Server Side Request Forgery (SSRF) in GeoDirectory | Paolo | GeoDirectory | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57680 | WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability; Unauthenticated Insecure Direct Object References (IDOR) in Kirki | Themeum | Kirki | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57669 | WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability; Subscriber Broken Access Control in Advanced Contact form 7 DB | Vsourz Digital | Advanced Contact form 7 DB | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57355 | WordPress Classified Listing plugin <= 5.4.2 - Broken Access Control vulnerability; Subscriber Broken Access Control in Classified Listing | RadiusTheme | Classified Listing | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57354 | WordPress JetReviews plugin <= 3.0.0.1 - Cross Site Scripting (XSS) vulnerability; Subscriber Cross Site Scripting (XSS) in JetReviews | Crocoblock. Jetimpex Inc. | JetReviews | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57353 | WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability; Subscriber Broken Access Control in Link Whisper Premium | LinkWhisper | Link Whisper Premium | n/a | CVE |