Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-49779

WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability_CVE-2026-49779

Customer Path Traversal in Tax Exempt for WooCommerce

Addify Tax Exempt for WooCommerce n/a CVE
HIGH 8.1 CVE-2026-42382

WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability_CVE-2026-42382

Unauthenticated Local File Inclusion in Audrey

Elated-Themes Audrey n/a CVE
HIGH 7.5 CVE-2026-39448

WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability_CVE-2026-39448

Unauthenticated Broken Access Control in NOWPayments for WooCommerce

CoderPress NOWPayments for WooCommerce n/a CVE
CRITICAL 9.1 CVE-2026-27436

WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability_CVE-2026-27436

Editor Arbitrary Code Execution in Five Star Business Profile and Schema

Rustaurius Five Star Business Profile and Schema n/a CVE
MEDIUM 6.5 CVE-2026-27433

WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability_CVE-2026-27433

Unauthenticated Broken Access Control in Motors

StylemixThemes Motors n/a CVE
HIGH 7.1 CVE-2026-27430

WordPress TheFox theme <= 3.9.76 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-27430

Unauthenticated Cross Site Scripting (XSS) in TheFox

tranmautritam TheFox n/a CVE
HIGH 7.1 CVE-2026-27426

WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-27426

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business

Themesuite Automotive Car Dealership Business n/a CVE
HIGH 7.1 CVE-2026-27425

WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-27425

Unauthenticated Cross Site Scripting (XSS) in Automotive Listings

Themesuite Automotive Listings n/a CVE
CRITICAL 9.9 CVE-2026-27419

WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability_CVE-2026-27419

Subscriber Arbitrary File Upload in Zegen

Zozothemes Zegen n/a CVE
HIGH 8.8 CVE-2026-27414

WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability_CVE-2026-27414

Contributor PHP Object Injection in Werkstatt

Fuelthemes Werkstatt n/a CVE