Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-42657

WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability_CVE-2026-42657

Unauthenticated Other Vulnerability Type in Contest Gallery

Wasiliy Strecker Contest Gallery n/a CVE
MEDIUM 6.5 CVE-2026-42656

WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42656

Subscriber Cross Site Scripting (XSS) in Contest Gallery

Wasiliy Strecker Contest Gallery n/a CVE
HIGH 7.5 CVE-2026-42655

WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability_CVE-2026-42655

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP

WPManageNinja Best Payments Plugin for WP n/a CVE
MEDIUM 6.3 CVE-2026-42651

WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability_CVE-2026-42651

Subscriber Broken Access Control in Classified Listing

Mamunur Rashid Classified Listing n/a CVE
HIGH 7.2 CVE-2026-42650

WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42650

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP

Ruben Garcia AutomatorWP n/a CVE
HIGH 7.1 CVE-2026-42649

WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42649

Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator

Archetyped Favicon Rotator n/a CVE
MEDIUM 6.5 CVE-2026-42640

WordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerability_CVE-2026-42640

Unauthenticated Broken Access Control in Classified Listing

Mamunur Rashid Classified Listing n/a CVE
CRITICAL 9.3 CVE-2026-42639

WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability_CVE-2026-42639

Unauthenticated SQL Injection in GD Rating System

Dev4Press GD Rating System n/a CVE
HIGH 8.1 CVE-2026-42411

WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability_CVE-2026-42411

Unauthenticated Broken Authentication in CloudSecure WP Security

XServer CloudSecure WP Security n/a CVE
CRITICAL 9.3 CVE-2026-42386

WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability_CVE-2026-42386

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce

tychesoftwares Order Delivery Date for WooCommerce n/a CVE