Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-52693

WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability_CVE-2026-52693

Unauthenticated SQL Injection in eCommerce Product Catalog

impleCode eCommerce Product Catalog n/a CVE
HIGH 7.5 CVE-2026-52692

WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability_CVE-2026-52692

Unauthenticated Sensitive Data Exposure in Affiliates Manager

wp.insider Affiliates Manager n/a CVE
CRITICAL 9.8 CVE-2026-49781

WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability_CVE-2026-49781

Unauthenticated PHP Object Injection in OttoKit

Brainstorm Force OttoKit n/a CVE
HIGH 8.8 CVE-2026-49780

WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability_CVE-2026-49780

Customer Privilege Escalation in Dokan

Dokan, Inc. Dokan n/a CVE
CRITICAL 9.3 CVE-2026-49776

WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability_CVE-2026-49776

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites

JExtensions Store GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites n/a CVE
MEDIUM 6.5 CVE-2026-49775

WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability_CVE-2026-49775

Unauthenticated Broken Access Control in Welcart e-Commerce

info@welcart Welcart e-Commerce n/a CVE
MEDIUM 6.5 CVE-2026-49773

WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49773

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

FolioVision FV Flowplayer Video Player n/a CVE
CRITICAL 9.8 CVE-2026-49770

WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability_CVE-2026-49770

Unauthenticated PHP Object Injection in WP Travel Engine

WP Travel Engine WP Travel Engine n/a CVE
CRITICAL 9.8 CVE-2026-49769

WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability_CVE-2026-49769

Unauthenticated PHP Object Injection in wpForo Forum

Tomdever wpForo Forum n/a CVE
CRITICAL 9.8 CVE-2026-49768

WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability_CVE-2026-49768

Unauthenticated PHP Object Injection in Happyforms

The WP Folks Happyforms n/a CVE