Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-54841

WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability_CVE-2026-54841

Unauthenticated Sensitive Data Exposure in Vitepos

Appsbd Vitepos n/a CVE
HIGH 8.5 CVE-2026-54838

WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability_CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace

Rymera Web Co WC Vendors Marketplace n/a CVE
CRITICAL 9.3 CVE-2026-54836

WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability_CVE-2026-54836

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue ...

YMC YMC Filter n/a CVE
HIGH 7.5 CVE-2026-54830

WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability_CVE-2026-54830

Unauthenticated Broken Access Control in Five Star Restaurant Reservations

Etoile Web Design Incorporated Five Star Restaurant Reservations n/a CVE
HIGH 7.5 CVE-2026-54829

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability_CVE-2026-54829

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows...

Jacob N. Breetvelt WP Photo Album Plus n/a CVE
HIGH 7.5 CVE-2026-54828

WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability_CVE-2026-54828

Unauthenticated Broken Access Control in Motors

StylemixThemes Motors n/a CVE
CRITICAL 9.9 CVE-2026-54823

WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability_CVE-2026-54823

Contributor Remote Code Execution (RCE) in Widget Options

MarketingFire Widget Options n/a CVE
HIGH 8.5 CVE-2026-54822

WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability_CVE-2026-54822

Subscriber SQL Injection in SALESmanago & Leadoo

SALESmanago SALESmanago & Leadoo n/a CVE
HIGH 7.4 CVE-2026-54821

WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability_CVE-2026-54821

Subscriber Sensitive Data Exposure in Visual Link Preview

Bootstrapped Ventures Visual Link Preview n/a CVE
MEDIUM 5.9 CVE-2026-52690

Spoofed answers can mark an authoritative non-EDNS capable_CVE-2026-52690

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by tha...

PowerDNS Recursor 5.2.0 CVE