Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-56006

WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-56006

Unauthenticated Cross Site Scripting (XSS) in H5P

H5P H5P n/a CVE
HIGH 7.1 CVE-2026-56005

WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56005

Subscriber Cross Site Scripting (XSS) in WP Activity Log

Melapress WP Activity Log n/a CVE
CRITICAL 9.3 CVE-2026-54849

WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability_CVE-2026-54849

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce

Premmerce Premmerce Wishlist for WooCommerce 1.1.11 CVE
HIGH 8.3 CVE-2026-54848

WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability_CVE-2026-54848

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive ...

Saad Iqbal APIExperts Square for WooCommerce n/a CVE
HIGH 8.1 CVE-2026-54845

WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability_CVE-2026-54845

Unauthenticated Local File Inclusion in MDTF

PluginUs.Net MDTF n/a CVE
HIGH 7.5 CVE-2026-54844

WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability_CVE-2026-54844

Unauthenticated Broken Access Control in CheckView Automated Testing

CheckView CheckView Automated Testing n/a CVE
CRITICAL 9.3 CVE-2026-54843

WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability_CVE-2026-54843

Unauthenticated SQL Injection in MDTF

PluginUs.Net MDTF n/a CVE
HIGH 8.1 CVE-2026-54842

WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability_CVE-2026-54842

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue...

Royal Plugins Royal MCP n/a CVE
HIGH 7.5 CVE-2026-54841

WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability_CVE-2026-54841

Unauthenticated Sensitive Data Exposure in Vitepos

Appsbd Vitepos n/a CVE
HIGH 8.5 CVE-2026-54838

WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability_CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace

Rymera Web Co WC Vendors Marketplace n/a CVE