Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-27089

WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability_CVE-2026-27089

Unauthenticated Bypass Vulnerability in WpTravelly

Magepeople inc. WpTravelly n/a CVE
CRITICAL 9.8 CVE-2026-27053

WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability_CVE-2026-27053

Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.

VideoWhisper.com Broadcast Live Video n/a CVE
MEDIUM 5.3 CVE-2026-25440

WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability_CVE-2026-25440

Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.

WPDeveloper Essential Addons for Elementor n/a CVE
HIGH 7.5 CVE-2026-25425

WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability_CVE-2026-25425

Unauthenticated Broken Access Control in User Registration

ThemeGrill User Registration n/a CVE
HIGH 8.5 CVE-2026-24637

WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability_CVE-2026-24637

Contributor SQL Injection in PowerPress Podcasting

Blubrry Podcasting PowerPress Podcasting n/a CVE
HIGH 7.1 CVE-2026-23970

WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-23970

Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7

Themeisle Redirection for Contact Form 7 n/a CVE
MEDIUM 6.5 CVE-2025-69332

WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability_CVE-2025-69332

Subscriber Broken Access Control in Bookify

myCred Bookify n/a CVE
HIGH 7.1 CVE-2025-68872

WordPress Eli’s WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68872

Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics

Eli Eli's WordCents adSense Widget with Analytics n/a CVE
HIGH 7.1 CVE-2025-68851

WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68851

Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit

ArrayHQ Okay Toolkit n/a CVE
HIGH 7.1 CVE-2025-68840

WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68840

Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO

markbeljaars iRobots.txt SEO n/a CVE