Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-34886

WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability_CVE-2026-34886

Unauthenticated Broken Access Control in Simple Membership

wp.insider Simple Membership n/a CVE
HIGH 7.2 CVE-2026-27407

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability_CVE-2026-27407

Editor Privilege Escalation in AI Engine

Meow Apps AI Engine n/a CVE
HIGH 8.1 CVE-2026-27333

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability_CVE-2026-27333

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site

VideoWhisper.com Paid Videochat Turnkey Site n/a CVE
HIGH 7.5 CVE-2026-27089

WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability_CVE-2026-27089

Unauthenticated Bypass Vulnerability in WpTravelly

Magepeople inc. WpTravelly n/a CVE
CRITICAL 9.8 CVE-2026-27053

WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability_CVE-2026-27053

Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.

VideoWhisper.com Broadcast Live Video n/a CVE
MEDIUM 5.3 CVE-2026-25440

WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability_CVE-2026-25440

Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.

WPDeveloper Essential Addons for Elementor n/a CVE
HIGH 7.5 CVE-2026-25425

WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability_CVE-2026-25425

Unauthenticated Broken Access Control in User Registration

ThemeGrill User Registration n/a CVE
HIGH 8.5 CVE-2026-24637

WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability_CVE-2026-24637

Contributor SQL Injection in PowerPress Podcasting

Blubrry Podcasting PowerPress Podcasting n/a CVE
HIGH 7.1 CVE-2026-23970

WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-23970

Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7

Themeisle Redirection for Contact Form 7 n/a CVE
MEDIUM 6.5 CVE-2025-69332

WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability_CVE-2025-69332

Subscriber Broken Access Control in Bookify

myCred Bookify n/a CVE