Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-54838

WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

Subscriber SQL Injection in WC Vendors Marketplace

Rymera Web Co WC Vendors Marketplace n/a CVE
CRITICAL 9.3 CVE-2026-54836

WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue ...

YMC YMC Filter n/a CVE
HIGH 7.5 CVE-2026-54830

WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Reservations

Etoile Web Design Incorporated Five Star Restaurant Reservations n/a CVE
HIGH 7.5 CVE-2026-54829

WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows...

Jacob N. Breetvelt WP Photo Album Plus n/a CVE
HIGH 7.5 CVE-2026-54828

WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors

StylemixThemes Motors n/a CVE
CRITICAL 9.9 CVE-2026-54823

WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution (RCE) in Widget Options

MarketingFire Widget Options n/a CVE
HIGH 8.5 CVE-2026-54822

WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

Subscriber SQL Injection in SALESmanago & Leadoo

SALESmanago SALESmanago & Leadoo n/a CVE
HIGH 7.4 CVE-2026-54821

WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview

Bootstrapped Ventures Visual Link Preview n/a CVE
MEDIUM 5.9 CVE-2026-52690

Spoofed answers can mark an authoritative non-EDNS capable

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing validation of DNSSEC records served by tha...

PowerDNS Recursor 5.2.0 CVE
HIGH 7.1 CVE-2026-4526

Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process...

Silicon Labs EmberZNet CVE