Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-52700

WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability_CVE-2026-52700

Subscriber SQL Injection in WCMultiShipping

WcMultishipping – Mondial Relay & Chronopost for Wooommerce WCMultiShipping n/a CVE
HIGH 7.5 CVE-2026-52699

WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-52699

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar

e4jvikwp VikRentCar n/a CVE
HIGH 8.5 CVE-2026-52697

WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability_CVE-2026-52697

Subscriber SQL Injection in Taskbuilder

Taskbuilder Taskbuilder n/a CVE
HIGH 7.5 CVE-2026-52695

WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability_CVE-2026-52695

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout

Al Monsor ABC Crypto Checkout n/a CVE
HIGH 7.5 CVE-2026-52694

WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability_CVE-2026-52694

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce

WP E-Signature Signature Add-On for WooCommerce n/a CVE
CRITICAL 9.3 CVE-2026-52693

WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability_CVE-2026-52693

Unauthenticated SQL Injection in eCommerce Product Catalog

impleCode eCommerce Product Catalog n/a CVE
HIGH 7.5 CVE-2026-52692

WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability_CVE-2026-52692

Unauthenticated Sensitive Data Exposure in Affiliates Manager

wp.insider Affiliates Manager n/a CVE
CRITICAL 9.8 CVE-2026-49781

WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability_CVE-2026-49781

Unauthenticated PHP Object Injection in OttoKit

Brainstorm Force OttoKit n/a CVE
HIGH 8.8 CVE-2026-49780

WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability_CVE-2026-49780

Customer Privilege Escalation in Dokan

Dokan, Inc. Dokan n/a CVE
CRITICAL 9.3 CVE-2026-49776

WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability_CVE-2026-49776

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites

JExtensions Store GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites n/a CVE