Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-40781

WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability_CVE-2026-40781

Unauthenticated Broken Authentication in ReviewX

ReviewX ReviewX n/a CVE
HIGH 7.7 CVE-2026-40779

WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability_CVE-2026-40779

Contributor Arbitrary File Deletion in Link Library

Yannick Lefebvre Link Library n/a CVE
HIGH 7.5 CVE-2026-40776

WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability_CVE-2026-40776

Unauthenticated Broken Access Control in WP Event SOlution

Arraytics WP Event SOlution n/a CVE
HIGH 7.3 CVE-2026-40775

WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability_CVE-2026-40775

Unauthenticated Broken Access Control in Royal MCP

Royal Plugins Royal MCP n/a CVE
HIGH 7.5 CVE-2026-40774

WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability_CVE-2026-40774

Unauthenticated Broken Access Control in Booking Package

SaasProject Booking Package n/a CVE
MEDIUM 6.5 CVE-2026-40773

WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability_CVE-2026-40773

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress

rtCamp Inc. rtMedia for WordPress, BuddyPress and bbPress n/a CVE
CRITICAL 10 CVE-2026-40772

WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability_CVE-2026-40772

Unauthenticated Arbitrary File Upload in GeekyBot

Ahmad GeekyBot n/a CVE
CRITICAL 9.3 CVE-2026-40771

WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability_CVE-2026-40771

Unauthenticated SQL Injection in Contest Gallery

Wasiliy Strecker Contest Gallery n/a CVE
HIGH 7.1 CVE-2026-40770

WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40770

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates

RelyWP Coupon Affiliates n/a CVE
HIGH 8.6 CVE-2026-40769

WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability_CVE-2026-40769

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field

Satinder Singh Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field n/a CVE