Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-48883

WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability_CVE-2026-48883

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce

WPClever WPC Product Bundles for WooCommerce n/a CVE
HIGH 8.5 CVE-2026-48882

WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability_CVE-2026-48882

Subscriber SQL Injection in WP Time Slots Booking Form

codepeople WP Time Slots Booking Form n/a CVE
CRITICAL 9.1 CVE-2026-48881

WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability_CVE-2026-48881

Unauthenticated Broken Access Control in TrueBooker

themetechmount TrueBooker n/a CVE
MEDIUM 6.5 CVE-2026-48880

WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48880

Subscriber Cross Site Scripting (XSS) in WP Job Portal

Ahmad WP Job Portal n/a CVE
MEDIUM 6.5 CVE-2026-48878

WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability_CVE-2026-48878

Subscriber Sensitive Data Exposure in Visual Link Preview

Bootstrapped Ventures Visual Link Preview n/a CVE
HIGH 7.1 CVE-2026-48876

WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48876

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers

Web Guy Stop Spammers n/a CVE
HIGH 8.5 CVE-2026-48874

WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability_CVE-2026-48874

Subscriber SQL Injection in GamiPress

Ruben Garcia GamiPress n/a CVE
HIGH 7.5 CVE-2026-48873

WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability_CVE-2026-48873

Unauthenticated Broken Access Control in Montonio for WooCommerce

Montonio Montonio for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-48872

WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability_CVE-2026-48872

Unauthenticated Sensitive Data Exposure in EmbedPress

WPDeveloper EmbedPress n/a CVE
HIGH 7.1 CVE-2026-48871

WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48871

Unauthenticated Cross Site Scripting (XSS) in MW WP Form

Takashi Kitajima MW WP Form n/a CVE