Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-57335

WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability_CVE-2026-57335

Subscriber Broken Access Control in Ads by WPQuads

Ads WPQuads Ads by WPQuads n/a CVE
MEDIUM 6.5 CVE-2026-57334

WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability_CVE-2026-57334

Unauthenticated Broken Access Control in WP User Frontend

weDevs WP User Frontend n/a CVE
HIGH 7.1 CVE-2026-57333

WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-57333

Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free

Spencer Haws Link Whisper Free n/a CVE
HIGH 7.1 CVE-2026-57332

WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability_CVE-2026-57332

Subscriber Broken Access Control in Wallet System for WooCommerce

WP Swings Wallet System for WooCommerce n/a CVE
CRITICAL 9.9 CVE-2026-57331

WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability_CVE-2026-57331

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site

videowhisper Paid Videochat Turnkey Site n/a CVE
MEDIUM 6.5 CVE-2026-57330

WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57330

Subscriber Cross Site Scripting (XSS) in MasterStudy LMS

Stylemix MasterStudy LMS n/a CVE
MEDIUM 6.5 CVE-2026-57329

WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57329

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro

WOOCOMMERCE DESIGNER PRO WooCommerce Designer Pro n/a CVE
MEDIUM 6.5 CVE-2026-57328

WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57328

Subscriber Cross Site Scripting (XSS) in Business Directory

Strategy11 Team Business Directory n/a CVE
MEDIUM 6.3 CVE-2026-57327

WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability_CVE-2026-57327

Subscriber Broken Access Control in MainWP

mainwp MainWP n/a CVE
MEDIUM 6.5 CVE-2026-57326

WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57326

Unauthenticated Cross Site Scripting (XSS) in Business Directory

Strategy11 Team Business Directory n/a CVE