Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-57667

WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability_CVE-2026-57667

Sales Representative SQL Injection in Groundhogg

Adrian Tobey Groundhogg n/a CVE
MEDIUM 5.3 CVE-2026-57665

WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57665

Unauthenticated Insecure Direct Object References (IDOR) in GravityView

GravityKit GravityView n/a CVE
MEDIUM 4.3 CVE-2026-57664

WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability_CVE-2026-57664

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder

VillaTheme Bopo – WooCommerce Product Bundle Builder n/a CVE
HIGH 8.5 CVE-2026-57663

WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability_CVE-2026-57663

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes

Igor Benic Recipe Maker For Your Food Blog from Zip Recipes n/a CVE
HIGH 8.5 CVE-2026-57662

WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability_CVE-2026-57662

Contributor SQL Injection in Contest Gallery

Wasiliy Strecker Contest Gallery n/a CVE
MEDIUM 5.4 CVE-2026-57661

WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability_CVE-2026-57661

Subscriber Broken Access Control in WPComplete

Nexcess WPComplete n/a CVE
MEDIUM 5.3 CVE-2026-57660

WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability_CVE-2026-57660

Unauthenticated Broken Access Control in Booking and Rental Manager

magepeopleteam Booking and Rental Manager n/a CVE
HIGH 8.8 CVE-2026-57659

WordPress Paid Memberships Pro – Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57659

Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin

Stranger Studios Paid Memberships Pro - Add Member From Admin 0.7.2 CVE
CRITICAL 9.1 CVE-2026-57658

WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability_CVE-2026-57658

Administrator Arbitrary File Upload in TemplateSpare

Templatespare TemplateSpare n/a CVE
MEDIUM 4.3 CVE-2026-57657

WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57657

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP

Noor Alam Gmail SMTP n/a CVE