Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-14394

CVE-2026-14394_CVE-2026-14394

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa...

Google Chrome 150.0.7871.46 CVE
HIGH 8.8 CVE-2026-14385

CVE-2026-14385_CVE-2026-14385

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a...

Google Chrome 150.0.7871.46 CVE
MEDIUM 6.5 CVE-2026-11965

User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass_CVE-2026-11965

The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscript...

Unknown User Registration & Membership CVE
LOW 2.7 CVE-2026-11781

Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX_CVE-2026-11781

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration ...

Unknown Adminify CVE
LOW 2.7 CVE-2026-11578

Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR_CVE-2026-11578

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manage...

Unknown Fluent Forms CVE
MEDIUM 6.8 CVE-2026-10077

YOOtheme Pro < 5.0.35 - Author+ Stored XSS via UIkit Data Attributes_CVE-2026-10077

The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permit...

Unknown yootheme CVE
MEDIUM 5.3 CVE-2026-57760

WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability_CVE-2026-57760

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This ...

Sendcloud Sendcloud Shipping n/a CVE
HIGH 7.1 CVE-2026-57678

WordPress Slider Revolution plugin 7.0.0-7.0.16 – Cross Site Scripting (XSS) vulnerability_CVE-2026-57678

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected...

ThemePunch Slider Revolution 7.0.0 CVE
HIGH 8.8 CVE-2026-56037

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability_CVE-2026-56037

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a throu...

Themify Themify Popup n/a CVE
MEDIUM 6.4 CVE-2026-14449

POST-based reflected XSS via the thanks parameter in form components_CVE-2026-14449

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

u5CMS u5CMS CVE