Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-39548

WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-39548

Unauthenticated Cross Site Scripting (XSS) in MagOne

Sneeit MagOne n/a CVE
HIGH 8.1 CVE-2026-39547

WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability_CVE-2026-39547

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Select-Themes Getaway n/a CVE
HIGH 8.1 CVE-2026-39539

WordPress Alloggio – Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability_CVE-2026-39539

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking

Edge-Themes Alloggio - Hotel Booking n/a CVE
CRITICAL 9.8 CVE-2026-39529

WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability_CVE-2026-39529

Unauthenticated PHP Object Injection in Elementra

ThemeREX Group Elementra n/a CVE
HIGH 8.1 CVE-2026-39522

WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability_CVE-2026-39522

Unauthenticated Local File Inclusion in Solene

Elated-Themes Solene n/a CVE
HIGH 8.1 CVE-2026-39446

WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability_CVE-2026-39446

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

PressLayouts Kapee n/a CVE
HIGH 8.1 CVE-2026-39443

WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability_CVE-2026-39443

Unauthenticated PHP Object Injection in EmallShop

PressLayouts EmallShop n/a CVE
CRITICAL 9.3 CVE-2026-39438

WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability_CVE-2026-39438

Unauthenticated SQL Injection in ListingPro

Emraan Cheema ListingPro n/a CVE
MEDIUM 6.5 CVE-2026-39433

WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability_CVE-2026-39433

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

mojoomla WPAMS n/a CVE
HIGH 8.1 CVE-2026-34895

WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability_CVE-2026-34895

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

WebGeniusLab Softlab Core n/a CVE