Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-52715

WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability_CVE-2026-52715

Unauthenticated SQL Injection in GEO my WordPress

Eyal Fitoussi GEO my WordPress n/a CVE
HIGH 7.5 CVE-2026-52714

WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability_CVE-2026-52714

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO

SEO Squirrly SEO Plugin by Squirrly SEO n/a CVE
HIGH 7.6 CVE-2026-52712

WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability_CVE-2026-52712

Subscriber SQL Injection in Attendance Manager

tnomi Attendance Manager n/a CVE
HIGH 7.5 CVE-2026-52711

WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability_CVE-2026-52711

Unauthenticated Broken Access Control in WooCommerce POS

kilbot WooCommerce POS n/a CVE
CRITICAL 9.9 CVE-2026-49774

WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability_CVE-2026-49774

Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects...

Filipe Nasc RD Station n/a CVE
CRITICAL 9.3 CVE-2026-49772

WordPress The Events Calendar plugin 6.15.12-6.16.2 – SQL Injection vulnerability_CVE-2026-49772

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar al...

Liquid Web / StellarWP The Events Calendar 6.15.12 CVE
MEDIUM 6.5 CVE-2026-40809

WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability_CVE-2026-40809

Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This is...

Rara Themes Metro Magazine n/a CVE
HIGH 8.5 CVE-2026-39581

WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability_CVE-2026-39581

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic

activity-log.com WP Sessions Time Monitoring Full Automatic n/a CVE
CRITICAL 9.3 CVE-2026-39574

WordPress InPost Gallery plugin <= 2.1.4.6 - SQL Injection vulnerability_CVE-2026-39574

Unauthenticated SQL Injection in InPost Gallery

RealMag777 InPost Gallery n/a CVE
HIGH 7.5 CVE-2026-39490

WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability_CVE-2026-39490

Unauthenticated Broken Access Control in JupiterX Core

artbees JupiterX Core n/a CVE