Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-56061

WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability_CVE-2026-56061

Unauthenticated Broken Access Control in Subscriptions for WooCommerce

WP Swings Subscriptions for WooCommerce n/a CVE
HIGH 7.5 CVE-2026-56060

WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability_CVE-2026-56060

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce

tychesoftwares Print Invoice & Delivery Notes for WooCommerce n/a CVE
CRITICAL 9.9 CVE-2026-56059

WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability_CVE-2026-56059

Subscriber Arbitrary File Upload in Travel Booking

PhysCode Travel Booking n/a CVE
CRITICAL 9.9 CVE-2026-56058

WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability_CVE-2026-56058

Subscriber Arbitrary File Upload in Quform

ThemeCatcher Quform n/a CVE
CRITICAL 9.8 CVE-2026-56057

WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability_CVE-2026-56057

Subscriber PHP Object Injection in Uncanny Automator Pro

Uncanny Owl Uncanny Automator Pro n/a CVE
HIGH 8.8 CVE-2026-56055

WordPress RealHomes theme <= 4.5.3 - PHP Object Injection vulnerability_CVE-2026-56055

Subscriber PHP Object Injection in RealHomes

InspiryThemes RealHomes n/a CVE
MEDIUM 6.5 CVE-2026-56048

WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-56048

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce

tychesoftwares Payment Gateway Based Fees and Discounts for WooCommerce n/a CVE
HIGH 7.1 CVE-2026-56047

WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-56047

Unauthenticated Cross Site Scripting (XSS) in perfmatters

Perfmatters, Powered Kinsta + GeneratePress Docs Changelog Feature requests Legal Affiliate Contact perfmatters n/a CVE
MEDIUM 6.5 CVE-2026-56046

WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56046

Subscriber Cross Site Scripting (XSS) in ListingPro

CridioStudio ListingPro n/a CVE
HIGH 7.1 CVE-2026-56045

WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56045

Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.

ValvePress Automatic n/a CVE