Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-11988

LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter_CVE-2026-11988

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Insecure Direct Object Reference in ...

thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses CVE
MEDIUM 4.3 CVE-2026-11981

GiveWP <= 4.15.3 - Cross-Site Request Forgery_CVE-2026-11981

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3. This is due to missing nonce v...

stellarwp GiveWP – Donation Plugin and Fundraising Platform CVE
MEDIUM 6.4 CVE-2026-11380

JetWidgets For Elementor <= 1.0.21 - Authenticated (Author+) Stored Cross-Site Scripting via Animated Box 'animation_effect' Setting_CVE-2026-11380

The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.21. This is due ...

jetmonsters JetWidgets For Elementor CVE
HIGH 7.5 CVE-2026-1239

Ninja Forms <= 3.14.1 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via token/refresh REST Endpoint_CVE-2026-1239

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing a...

kstover Ninja Forms – The Contact Form Builder That Grows With You CVE
HIGH 7.5 CVE-2026-14193

DVP80ES300T – Improper Validation of Array Index Vulnerability_CVE-2026-14193

DVP80ES300T with Improper Validation of Array Index Vulnerability

deltaww DVP80ES300T CVE
HIGH 7.4 CVE-2026-12579

AS228T – Authentication Bypass Vulnerability_CVE-2026-12579

AS228T with Authentication Bypass Vulnerability

deltaww AS228T CVE
HIGH 7.5 CVE-2026-11823

BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter_CVE-2026-11823

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assi...

Repute Infosystems BookingPress Appointment Booking Pro CVE
MEDIUM 4.8 CVE-2025-15666

Open Asset Import Library Assimp Model File SceneCombiner.cpp Copy heap-based overflow_CVE-2025-15666

A security vulnerability has been detected in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function Assimp::...

Open Asset Import Library Assimp 5.4.0 CVE
NONE THN:B4D7A1F379A...

Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery_THN:B4D7A1F379A5B964A3E344EE5A2CEAE2

N/A N/A THN
NONE THN:C46AE7905BE...

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts_THN:C46AE7905BE451EB6EFAFFDF0134A46D

N/A N/A THN