Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-8482

Information leak in NSRPC client history

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included), 5.0.0 to 5.0.5 (included) ...

Stormshield Stormshield Network Security 4.3.0 CVE
HIGH 7.5 CVE-2026-8441

WP Review Slider Pro <= 12.7.2 - Unauthenticated SQL Injection via 'notinstring' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprp_load_more_revs AJAX action...

https://wpreviewslider.com/ WP Review Slider Pro CVE
HIGH 8.2 CVE-2026-14336

CVE-2026-14336

PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer.startswith('https://ci.eclipse.org') in is_issuer_known, p...

Eclipse Foundation Eclipse CSI - PIA CVE
MEDIUM 6.5 CVE-2026-14029

Groundhogg <= 4.5.8 - Authenticated (Custom+) SQL Injection via 'select' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter ...

trainingbusinesspros Groundhogg — CRM, Newsletters, and Marketing Automation CVE
MEDIUM 5.3 CVE-2026-13459

JetFormBuilder <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via 'context' Parameter

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3...

jetmonsters JetFormBuilder — Dynamic Blocks Form Builder CVE
HIGH 7.5 CVE-2026-13369

Ninja Forms – File Uploads <= 3.3.29 - Unauthenticated Arbitrary File Read via File Upload Field 'files[].data.file_path' Parameter

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attach_files() function in versions up to, and inc...

SaturdayDrive Ninja Forms - File Uploads CVE
MEDIUM 6.4 CVE-2026-13252

RSS Aggregator by Feedzy <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aspectRatio' Attribute

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross...

themeisle RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator CVE
HIGH 7.5 CVE-2026-13251

Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter

The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This m...

perfmatters Perfmatters CVE
MEDIUM 5.3 CVE-2026-12657

LatePoint <= 5.6.2 - Unauthenticated Insecure Direct Object Reference to Arbitrary Creation via 'service_id' Parameter

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v...

latepoint LatePoint – Calendar Booking Plugin for Appointments and Events CVE
MEDIUM 5.3 CVE-2026-12472

Kirki <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) via 'emailBody' and 'emailSubject' Parameters

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, a...

themeum Kirki – Freeform Page Builder, Website Builder & Customizer CVE