Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-39465

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability_CVE-2026-39465

Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider

MetaSlider Responsive Slider by MetaSlider n/a CVE
HIGH 7.1 CVE-2026-39463

WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39463

Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker

ManageWP ManageWP Worker n/a CVE
MEDIUM 6.3 CVE-2026-39451

WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39451

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider

jgwhite33 WP Google Review Slider n/a CVE
HIGH 7.1 CVE-2026-39450

WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability_CVE-2026-39450

Subscriber Broken Authentication in FunnelKit Automations

Aman FunnelKit Automations n/a CVE
HIGH 7.1 CVE-2026-39449

WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39449

Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API

IT Path Solutions Contact Form to Any API n/a CVE
HIGH 7.1 CVE-2026-39447

WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39447

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments

NSquared Simply Schedule Appointments n/a CVE
CRITICAL 9.3 CVE-2026-39441

WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability_CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free

Naked Cat Plugins (by Webdados) Feed KuantoKusta for WooCommerce – Free n/a CVE
HIGH 7.1 CVE-2026-39435

WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-39435

Unauthenticated Cross Site Scripting (XSS) in CformsII

bgermann CformsII n/a CVE
HIGH 7.2 CVE-2026-39434

WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability_CVE-2026-39434

Shop manager PHP Object Injection in CTX Feed

WebAppick CTX Feed n/a CVE
HIGH 7.1 CVE-2026-34902

WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-34902

Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite

WC Product Table WooCommerce Product Table Lite n/a CVE