Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-49066

WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability_CVE-2026-49066

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway

Conekta Group Conekta Payment Gateway n/a CVE
HIGH 8.2 CVE-2026-49065

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability_CVE-2026-49065

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce

hippooo Hippoo Mobile App for WooCommerce n/a CVE
HIGH 7.3 CVE-2026-49063

WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability_CVE-2026-49063

Unauthenticated Privilege Escalation in Listdom

Webilia Inc. Listdom n/a CVE
HIGH 7.5 CVE-2026-49061

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability_CVE-2026-49061

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce

WPClever WPC Product Options for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-49056

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability_CVE-2026-49056

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels n/a CVE
HIGH 7.1 CVE-2026-49055

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49055

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7

Glen Don Mongaya Drag and Drop Multiple File Upload – Contact Form 7 n/a CVE
MEDIUM 4.7 CVE-2026-49043

WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-49043

Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite

WP Engine WP Migrate Lite n/a CVE
HIGH 8.1 CVE-2026-48970

WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability_CVE-2026-48970

Unauthenticated Broken Authentication in Really Simple SSL

Really Simple Plugins Really Simple SSL n/a CVE
HIGH 7.1 CVE-2026-48966

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48966

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit

FunnelKit Funnel Builder by FunnelKit n/a CVE
MEDIUM 6.5 CVE-2026-48965

WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability_CVE-2026-48965

Subscriber Sensitive Data Exposure in XCloner

watchful XCloner n/a CVE