Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-49085

WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability_CVE-2026-49085

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms

CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms 1.1.4 CVE
HIGH 7.5 CVE-2026-49083

WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability_CVE-2026-49083

Contributor Privilege Escalation in LatePoint

LatePoint LatePoint n/a CVE
HIGH 7.4 CVE-2026-49082

WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability_CVE-2026-49082

Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons

Chatway Live Chat Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons n/a CVE
HIGH 7.5 CVE-2026-49078

WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability_CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine

WP Travel Engine WP Travel Engine n/a CVE
HIGH 7.5 CVE-2026-49070

WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability_CVE-2026-49070

Unauthenticated Broken Access Control in Knit Pay

Knit Pay Knit Pay n/a CVE
HIGH 7.5 CVE-2026-49068

WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability_CVE-2026-49068

Subscriber Sensitive Data Exposure in Coupon Affiliates

RelyWP Coupon Affiliates n/a CVE
CRITICAL 9.3 CVE-2026-49067

WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability_CVE-2026-49067

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect

yydevelopment Advanced 301 and 302 Redirect 1.6.9 CVE
HIGH 7.5 CVE-2026-49066

WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability_CVE-2026-49066

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway

Conekta Group Conekta Payment Gateway n/a CVE
HIGH 8.2 CVE-2026-49065

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability_CVE-2026-49065

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce

hippooo Hippoo Mobile App for WooCommerce n/a CVE
HIGH 7.3 CVE-2026-49063

WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability_CVE-2026-49063

Unauthenticated Privilege Escalation in Listdom

Webilia Inc. Listdom n/a CVE