Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.9 CVE-2026-40783

WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability_CVE-2026-40783

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro

Creative Themes Blocksy Companion Pro n/a CVE
HIGH 7.3 CVE-2026-40768

WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-40768

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system

Dimitri Grassi Salon booking system n/a CVE
HIGH 7.1 CVE-2026-40765

WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40765

Unauthenticated Cross Site Scripting (XSS) in collectchat

collectchat collectchat n/a CVE
HIGH 8.1 CVE-2026-40753

WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability_CVE-2026-40753

Unauthenticated PHP Object Injection in EasyMeals

Mikado-Themes EasyMeals n/a CVE
CRITICAL 9.9 CVE-2026-40749

WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability_CVE-2026-40749

Subscriber Arbitrary File Upload in Charity Zone

themagnifico52 Charity Zone n/a CVE
CRITICAL 9.9 CVE-2026-40748

WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability_CVE-2026-40748

Subscriber Arbitrary File Upload in Kids Gift Shop

themagnifico52 Kids Gift Shop n/a CVE
CRITICAL 9.9 CVE-2026-40747

WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability_CVE-2026-40747

Subscriber Arbitrary File Upload in Ecommerce Zone

themagnifico52 Ecommerce Zone 0.9.7 CVE
CRITICAL 9.9 CVE-2026-40746

WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability_CVE-2026-40746

Subscriber Arbitrary File Upload in Restaurant Zone

themagnifico52 Restaurant Zone n/a CVE
HIGH 8.1 CVE-2026-40735

WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability_CVE-2026-40735

Unauthenticated PHP Object Injection in Reina

Edge-Themes Reina n/a CVE
HIGH 8.1 CVE-2026-40731

WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability_CVE-2026-40731

Unauthenticated Local File Inclusion in ChapterOne

Mikado-Themes ChapterOne n/a CVE