Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-57690

WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57690

Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt

Fuelthemes Werkstatt n/a CVE
MEDIUM 4.3 CVE-2026-57689

WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability_CVE-2026-57689

Subscriber Broken Access Control in Werkstatt

Fuelthemes Werkstatt n/a CVE
HIGH 8.2 CVE-2026-57688

WordPress POS Entegratör plugin <= 3.7.103 - Broken Access Control vulnerability_CVE-2026-57688

Unauthenticated Broken Access Control in POS Entegratör

Gurmehub POS Entegratör n/a CVE
HIGH 8.5 CVE-2026-57687

WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability_CVE-2026-57687

Contributor SQL Injection in Custom Field Template

Hiroaki Miyashita Custom Field Template n/a CVE
HIGH 7.1 CVE-2026-57686

WordPress WowAddons plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57686

Unauthenticated Cross Site Scripting (XSS) in WowAddons

WPXPO WowAddons n/a CVE
MEDIUM 4.3 CVE-2026-57685

WordPress Martfury – WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability_CVE-2026-57685

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme

drfuri Martfury - WooCommerce Marketplace WordPress Theme n/a CVE
MEDIUM 6.5 CVE-2026-57684

WordPress TheFox theme <= 3.9.70 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57684

Contributor Cross Site Scripting (XSS) in TheFox

tranmautritam TheFox n/a CVE
CRITICAL 9.3 CVE-2026-57683

WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability_CVE-2026-57683

Unauthenticated SQL Injection in WP Fast Total Search

Epsiloncool WP Fast Total Search n/a CVE
HIGH 7.1 CVE-2026-57682

WordPress Simple Link Directory plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57682

Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory

QuantumCloud Simple Link Directory n/a CVE
MEDIUM 6.4 CVE-2026-57681

WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-57681

Subscriber Server Side Request Forgery (SSRF) in GeoDirectory

Paolo GeoDirectory n/a CVE