Recent Advisories

| Severity | ID | Title | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|
| MEDIUM 6.5 | CVE-2026-57684 | WordPress TheFox theme <= 3.9.70 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57684 / Contributor Cross Site Scripting (XSS) in TheFox | tranmautritam | TheFox | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-57683 | WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability_CVE-2026-57683 / Unauthenticated SQL Injection in WP Fast Total Search | Epsiloncool | WP Fast Total Search | n/a | CVE |
| HIGH 7.1 | CVE-2026-57682 | WordPress Simple Link Directory plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57682 / Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory | QuantumCloud | Simple Link Directory | n/a | CVE |
| MEDIUM 6.4 | CVE-2026-57681 | WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-57681 / Subscriber Server Side Request Forgery (SSRF) in GeoDirectory | Paolo | GeoDirectory | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-57680 | WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57680 / Unauthenticated Insecure Direct Object References (IDOR) in Kirki | Themeum | Kirki | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-57679 | WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability_CVE-2026-57679 / Unauthenticated SQL Injection in GeekyBot | Ahmadgb | GeekyBot | n/a | CVE |
| CRITICAL 9.8 | CVE-2026-57677 | WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability_CVE-2026-57677 / Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce | Novalnet | Novalnet Payment Gateway for WooCommerce | n/a | CVE |
| HIGH 7.1 | CVE-2026-57675 | WordPress WP Photo Album Plus plugin <= 9.2.02.004 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57675 / Unauthenticated Cross Site Scripting (XSS) in WP Photo Album Plus | Jacob N. Breetvelt | WP Photo Album Plus | n/a | CVE |
| HIGH 7.1 | CVE-2026-57674 | WordPress Timetics plugin <= 1.0.58 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57674 / Unauthenticated Cross Site Scripting (XSS) in Timetics | Arraytics | Timetics | n/a | CVE |
| HIGH 7.1 | CVE-2026-57673 | WordPress Optimole plugin <= 4.2.7 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57673 / Unauthenticated Cross Site Scripting (XSS) in Optimole | Optimole | Optimole | n/a | CVE |