Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-11965

User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscript...

Unknown User Registration & Membership CVE
LOW 2.7 CVE-2026-11781

Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration ...

Unknown Adminify CVE
LOW 2.7 CVE-2026-11578

Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manage...

Unknown Fluent Forms CVE
MEDIUM 6.8 CVE-2026-10077

YOOtheme Pro < 5.0.35 - Author+ Stored XSS via UIkit Data Attributes

The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permit...

Unknown yootheme CVE
MEDIUM 5.3 CVE-2026-57760

WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This ...

Sendcloud Sendcloud Shipping n/a CVE
HIGH 7.1 CVE-2026-57678

WordPress Slider Revolution plugin 7.0.0-7.0.16 – Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected...

ThemePunch Slider Revolution 7.0.0 CVE
HIGH 8.8 CVE-2026-56037

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a throu...

Themify Themify Popup n/a CVE
MEDIUM 6.4 CVE-2026-14449

POST-based reflected XSS via the thanks parameter in form components

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

u5CMS u5CMS CVE
CRITICAL 9.8 CVE-2026-5524

Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and includ...

Divi Engine Divi Form Builder CVE
MEDIUM 5.3 CVE-2026-58653

PraisonAI – Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can cr...

PraisonAI PraisonAI CVE