Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2025-68052

WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2025-68052

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking

Eagle-Themes Eagle Booking n/a CVE
MEDIUM 5.3 CVE-2025-66123

WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2025-66123

Unauthenticated Insecure Direct Object References (IDOR) in BookPro

About Envato BookPro n/a CVE
MEDIUM 5.3 CVE-2025-64637

WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability_CVE-2025-64637

Unauthenticated Content Injection in Auros Core

Opal_WP Auros Core n/a CVE
MEDIUM 5.3 CVE-2025-64636

WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability_CVE-2025-64636

Unauthenticated Broken Access Control in Donation Thermometer

rhewlif Donation Thermometer n/a CVE
MEDIUM 4.3 CVE-2025-63079

WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability_CVE-2025-63079

Contributor Broken Access Control in Live Copy Paste for Elementor

bdthemes Live Copy Paste for Elementor n/a CVE
MEDIUM 4.3 CVE-2025-63078

WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability_CVE-2025-63078

Subscriber Broken Access Control in Restaurant Menu by MotoPress

jetmonsters Restaurant Menu by MotoPress n/a CVE
MEDIUM 5.4 CVE-2025-63041

WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability_CVE-2025-63041

Contributor Broken Access Control in Forget About Shortcode Buttons

Code Amp Forget About Shortcode Buttons n/a CVE
HIGH 7.2 CVE-2026-9640

LXD Snapshot Import Privilege Escalation Vulnerability_CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of proj...

Canonical LXD 5.21.0 CVE
MEDIUM 6.5 CVE-2026-9639

Authenticated Denial of Service via Malicious Backup Tarball in LXD_CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_sto...

Canonical LXD 5.21.0 CVE
HIGH 7.1 CVE-2026-47214

Docling: Unsafe URI and Path Handling in HTML Backend_CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the...

docling-project docling < 2.94.0 CVE