Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-11887

Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authe...

Unknown Salon Booking System CVE
HIGH 7.2 CVE-2026-11883

WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing ...

Unknown WebAuthn Provider for Two Factor CVE
LOW 3.1 CVE-2026-11880

Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR

The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing ...

Unknown Fluent Forms CVE
HIGH 8.1 CVE-2026-11794

Advanced Form Integration < 2.1.1 - Unauthenticated Privilege Escalation via Breakdance Form Role Mapping

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it crea...

Unknown Advanced Form Integration — Connect Forms to 200+ Apps CVE
NONE THN:E8D2574E42A...

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029 (THN:E8D2574E42AC275D4F0E2F455424338D)


N/A N/A THN
MEDIUM 4.2 CVE-2026-11570

User Submitted Posts < 20260608 - Unauthenticated Stored XSS via Author Name

The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display te...

Unknown User Submitted Posts CVE
HIGH 7.5 CVE-2026-11568

Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning Woo...

Unknown Product Configurator for WooCommerce CVE
MEDIUM 4.3 CVE-2026-11562

WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated use...

Unknown WS Form LITE CVE
HIGH 8.1 CVE-2026-10750

Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allow...

Unknown Royal MCP CVE
MEDIUM 6.5 CVE-2026-14258

Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a ze...

Red Hat Red Hat Enterprise Linux 10 CVE