Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-57348

WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-57348

Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions

Cozmoslabs Paid Member Subscriptions n/a CVE
MEDIUM 6.5 CVE-2026-57347

WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability_CVE-2026-57347

Subscriber Sensitive Data Exposure in Hotel Booking Lite

jetmonsters Hotel Booking Lite n/a CVE
HIGH 7.1 CVE-2026-57345

WordPress Internal Links Manager plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57345

Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager

Webraketen Internal Links Manager n/a CVE
HIGH 7.1 CVE-2026-57344

WordPress Classified Listing plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57344

Unauthenticated Cross Site Scripting (XSS) in Classified Listing

RadiusTheme Classified Listing n/a CVE
HIGH 7.1 CVE-2026-57343

WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57343

Unauthenticated Cross Site Scripting (XSS) in Real Estate 7

Contempoinc Real Estate 7 n/a CVE
MEDIUM 6.5 CVE-2026-57342

WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57342

Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images

ShortPixel ShortPixel Adaptive Images n/a CVE
MEDIUM 6.5 CVE-2026-49779

WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability_CVE-2026-49779

Customer Path Traversal in Tax Exempt for WooCommerce

Addify Tax Exempt for WooCommerce n/a CVE
HIGH 8.1 CVE-2026-42382

WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability_CVE-2026-42382

Unauthenticated Local File Inclusion in Audrey

Elated-Themes Audrey n/a CVE
HIGH 7.5 CVE-2026-39448

WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability_CVE-2026-39448

Unauthenticated Broken Access Control in NOWPayments for WooCommerce

CoderPress NOWPayments for WooCommerce n/a CVE
CRITICAL 9.1 CVE-2026-27436

WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability_CVE-2026-27436

Editor Arbitrary Code Execution in Five Star Business Profile and Schema

Rustaurius Five Star Business Profile and Schema n/a CVE