Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-42688

WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42688

Subscriber Cross Site Scripting (XSS) in Modula Image Gallery

WP Chill Modula Image Gallery n/a CVE
HIGH 8.1 CVE-2026-42687

WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability_CVE-2026-42687

Unauthenticated PHP Object Injection in EventPrime

EventPrime EventPrime n/a CVE
HIGH 7.1 CVE-2026-42686

WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42686

Subscriber Cross Site Scripting (XSS) in EventPrime

EventPrime EventPrime n/a CVE
HIGH 7.5 CVE-2026-42668

WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability_CVE-2026-42668

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend

Omnisend Email Marketing for WooCommerce by Omnisend n/a CVE
HIGH 7.5 CVE-2026-42667

WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability_CVE-2026-42667

Unauthenticated Sensitive Data Exposure in Bookly

Bookly Bookly n/a CVE
HIGH 7.5 CVE-2026-42666

WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability_CVE-2026-42666

Unauthenticated Broken Access Control in Salon booking system

Dimitri Grassi Salon booking system n/a CVE
CRITICAL 9.3 CVE-2026-42665

WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability_CVE-2026-42665

Unauthenticated SQL Injection in WP Data Access

Passionate Programmer Peter WP Data Access n/a CVE
HIGH 8.2 CVE-2026-42664

WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability_CVE-2026-42664

Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search

Motive Commerce Search AI Product Search for WooCommerce – Motive Commerce Search n/a CVE
MEDIUM 6.5 CVE-2026-42663

WordPress Simple Membership plugin <= 4.7.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42663

Unauthenticated Cross Site Scripting (XSS) in Simple Membership

wp.insider Simple Membership n/a CVE
MEDIUM 6.5 CVE-2026-42662

WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability_CVE-2026-42662

Unauthenticated Bypass Vulnerability in Event Tickets

Liquid Web / StellarWP Event Tickets n/a CVE