Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-7517

Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter_CVE-2026-7517

The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alg_wc_cpg_input_fields' par...

dhruvin Custom Payment Gateways for WooCommerce CVE
CRITICAL 9.1 CVE-2026-6070

WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter_CVE-2026-6070

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This ...

cmsjunkie WP-BusinessDirectory – Business directory plugin for WordPress CVE
MEDIUM 6.9 CVE-2026-58519

Stored XSS through Cargo’s map format_CVE-2026-58519

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo Ex...

The Wikimedia Foundation Mediawiki - Cargo Extension * CVE
MEDIUM 6.9 CVE-2026-58518

CVE-2026-58518_CVE-2026-58518

Cross-Site request forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery...

The Wikimedia Foundation Mediawiki - RedirectManager Extension * CVE
LOW 3.7 CVE-2026-44042

UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check_CVE-2026-44042

UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/w...

uvnc UltraVNC CVE
MEDIUM 4.3 CVE-2026-44041

UltraVNC vncWc2Mb calls wcslen() before validating that the wide string is NUL-terminated_CVE-2026-44041

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() functi...

uvnc UltraVNC CVE
MEDIUM 4.8 CVE-2026-44040

UltraVNC vncauth.c uses time-seeded libc rand() to generate VNC authentication challenge bytes_CVE-2026-44040

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth...

uvnc UltraVNC CVE
MEDIUM 6.4 CVE-2026-2387

Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode_CVE-2026-2387

The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to ...

stephenharris Event Organiser CVE
HIGH 7.2 CVE-2026-13731

WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter_CVE-2026-13731

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'co...

quantumcloud WPBot – AI ChatBot for Live Support, Lead Generation, AI Services CVE
HIGH 7.5 CVE-2026-13468

Visualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST Endpoint_CVE-2026-13468

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up t...

themeisle Visualizer – Tables & Charts Manager with Built-in AI Generator CVE