Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-57679

WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability_CVE-2026-57679

Unauthenticated SQL Injection in GeekyBot

Ahmadgb GeekyBot n/a CVE
CRITICAL 9.8 CVE-2026-57677

WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability_CVE-2026-57677

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce

Novalnet Novalnet Payment Gateway for WooCommerce n/a CVE
HIGH 7.1 CVE-2026-57675

WordPress WP Photo Album Plus plugin <= 9.2.02.004 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57675

Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus

Jacob N. Breetvelt WP Photo Album Plus n/a CVE
HIGH 7.1 CVE-2026-57674

WordPress Timetics plugin <= 1.0.58 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57674

Unauthenticated Cross Site Scripting (XSS) in Timetics

Arraytics Timetics n/a CVE
HIGH 7.1 CVE-2026-57673

WordPress Optimole plugin <= 4.2.7 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57673

Unauthenticated Cross Site Scripting (XSS) in Optimole

Optimole Optimole n/a CVE
HIGH 7.1 CVE-2026-57672

WordPress wpDataTables plugin <= 6.5.1.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57672

Unauthenticated Cross Site Scripting (XSS) in wpDataTables

Melograno Venture Studio wpDataTables n/a CVE
HIGH 7.1 CVE-2026-57671

WordPress perfmatters plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57671

Unauthenticated Cross Site Scripting (XSS) in perfmatters

Perfmatters perfmatters n/a CVE
HIGH 7.1 CVE-2026-57670

WordPress Google Maps CP plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57670

Unauthenticated Cross Site Scripting (XSS) in Google Maps CP

Codepeople Google Maps CP n/a CVE
MEDIUM 6.5 CVE-2026-57669

WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability_CVE-2026-57669

Subscriber Broken Access Control in Advanced Contact form 7 DB

Vsourz Digital Advanced Contact form 7 DB n/a CVE
CRITICAL 9.6 CVE-2026-57625

WordPress Admin and Site Enhancements (ASE) Pro plugin <= 8.8.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57625

Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro

ASE Admin and Site Enhancements (ASE) Pro n/a CVE