Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-39522

WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability_CVE-2026-39522

Unauthenticated Local File Inclusion in Solene

Elated-Themes Solene n/a CVE
HIGH 8.1 CVE-2026-39446

WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability_CVE-2026-39446

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

PressLayouts Kapee n/a CVE
HIGH 8.1 CVE-2026-39443

WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability_CVE-2026-39443

Unauthenticated PHP Object Injection in EmallShop

PressLayouts EmallShop n/a CVE
CRITICAL 9.3 CVE-2026-39438

WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability_CVE-2026-39438

Unauthenticated SQL Injection in ListingPro

Emraan Cheema ListingPro n/a CVE
MEDIUM 6.5 CVE-2026-39433

WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability_CVE-2026-39433

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

mojoomla WPAMS n/a CVE
HIGH 8.1 CVE-2026-34895

WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability_CVE-2026-34895

Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.

WebGeniusLab Softlab Core n/a CVE
HIGH 8.1 CVE-2026-34894

WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability_CVE-2026-34894

Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.

WebGeniusLab Integrio Core n/a CVE
HIGH 8.1 CVE-2026-34893

WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability_CVE-2026-34893

Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.

WebGeniusLab Thegov Core n/a CVE
MEDIUM 5.6 CVE-2026-2604

Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling_CVE-2026-2604

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus ac...

GNOME Evolution Data Server CVE
CRITICAL 9.8 CVE-2026-27429

WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2026-27429

Unauthenticated PHP Object Injection in Nifty

BoldThemes Nifty n/a CVE