Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-49781

WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability_CVE-2026-49781

Unauthenticated PHP Object Injection in OttoKit

Brainstorm Force OttoKit n/a CVE
HIGH 8.8 CVE-2026-49780

WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability_CVE-2026-49780

Customer Privilege Escalation in Dokan

Dokan, Inc. Dokan n/a CVE
CRITICAL 9.3 CVE-2026-49776

WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability_CVE-2026-49776

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites

JExtensions Store GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites n/a CVE
MEDIUM 6.5 CVE-2026-49775

WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability_CVE-2026-49775

Unauthenticated Broken Access Control in Welcart e-Commerce

info@welcart Welcart e-Commerce n/a CVE
MEDIUM 6.5 CVE-2026-49773

WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49773

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

FolioVision FV Flowplayer Video Player n/a CVE
CRITICAL 9.8 CVE-2026-49770

WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability_CVE-2026-49770

Unauthenticated PHP Object Injection in WP Travel Engine

WP Travel Engine WP Travel Engine n/a CVE
CRITICAL 9.8 CVE-2026-49769

WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability_CVE-2026-49769

Unauthenticated PHP Object Injection in wpForo Forum

Tomdever wpForo Forum n/a CVE
CRITICAL 9.8 CVE-2026-49768

WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability_CVE-2026-49768

Unauthenticated PHP Object Injection in Happyforms

The WP Folks Happyforms n/a CVE
CRITICAL 9.9 CVE-2026-49766

WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability_CVE-2026-49766

Subscriber Arbitrary File Deletion in WP User Manager

WP User Manager WP User Manager n/a CVE
CRITICAL 9.8 CVE-2026-49765

WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability_CVE-2026-49765

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms

CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms n/a CVE