Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-9188

Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.7.6 - Unauthenticated Insecure Direct Object Reference via Predictable 'edit_key' / 'appointmentkey' Parameter

The Appointment Bookings for Zoom GoogleMeet and more – Wappointment plugin for WordPress is vulnerable to Insecure Direct Object Reference in all ...

wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment CVE
MEDIUM 6.5 CVE-2026-9145

Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Copy/Upload via Elementor Pro Form Upload Field 'raw_value'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Arbitrary File Copy via the create_entry_el() funct...

crmperks Database for Contact Form 7, WPforms, Elementor forms CVE
MEDIUM 4.3 CVE-2026-8482

Information leak in NSRPC client history

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), 5.0.0 to 5.0.5 (included) ...

Stormshield Stormshield Network Security 4.3.0 CVE
HIGH 7.5 CVE-2026-8441

WP Review Slider Pro <= 12.7.2 - Unauthenticated SQL Injection via 'notinstring' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action...

https://wpreviewslider.com/ WP Review Slider Pro CVE
HIGH 8.2 CVE-2026-14336

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith('https://ci.eclipse.org') in is_issuer_known, p...

Eclipse Foundation Eclipse CSI - PIA CVE
MEDIUM 6.5 CVE-2026-14029

Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter ...

trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation CVE
MEDIUM 5.3 CVE-2026-13459

JetFormBuilder <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via 'context' Parameter

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3...

jetmonsters JetFormBuilder — Dynamic Blocks Form Builder CVE
HIGH 7.5 CVE-2026-13369

Ninja Forms – File Uploads <= 3.3.29 - Unauthenticated Arbitrary File Read via File Upload Field 'files[].data.file_path' Parameter

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attach_files() function in versions up to, and inc...

SaturdayDrive Ninja Forms - File Uploads CVE
MEDIUM 6.4 CVE-2026-13252

RSS Aggregator by Feedzy <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aspectRatio' Attribute

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross...

themeisle RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator CVE
HIGH 7.5 CVE-2026-13251

Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This m...

perfmatters Perfmatters CVE