Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-57653

WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability_CVE-2026-57653

Contributor SQL Injection in WP Job Portal

wpjobportal WP Job Portal n/a CVE
MEDIUM 5.3 CVE-2026-57652

WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57652

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk

JoomSky JS Help Desk n/a CVE
MEDIUM 6.5 CVE-2026-57651

WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57651

Contributor Cross Site Scripting (XSS) in Ghost Kit

nK Ghost Kit n/a CVE
MEDIUM 6.5 CVE-2026-57650

WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57650

Contributor Cross Site Scripting (XSS) in Magazine Blocks

BlockArt Magazine Blocks n/a CVE
MEDIUM 4.3 CVE-2026-57649

WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability_CVE-2026-57649

Subscriber Broken Access Control in Shoppable Images Lite

studiowombat Shoppable Images Lite n/a CVE
MEDIUM 4.3 CVE-2026-57648

WordPress Nelio Content plugin <= 4.3.4 - Broken Access Control vulnerability_CVE-2026-57648

Contributor Broken Access Control in Nelio Content

Nelio Software Nelio Content n/a CVE
HIGH 7.5 CVE-2026-57647

WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability_CVE-2026-57647

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer

bPlugins Panorama Viewer – 360 Degree Image + Video Viewer n/a CVE
MEDIUM 5.4 CVE-2026-57646

WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57646

Subscriber Insecure Direct Object References (IDOR) in Majestic Support

Majestic Support Majestic Support n/a CVE
HIGH 8.1 CVE-2026-57645

WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability_CVE-2026-57645

newsletters_subscribers Broken Access Control in Newsletters

Tribulant Software Newsletters n/a CVE
HIGH 8.5 CVE-2026-57644

WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability_CVE-2026-57644

Contributor SQL Injection in Restaurant Menu by MotoPress

jetmonsters Restaurant Menu by MotoPress n/a CVE