Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.5 CVE-2026-57756

WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability_CVE-2026-57756

Contributor SQL Injection in nicen-localize-image

友人a丶 nicen-localize-image n/a CVE
MEDIUM 6.5 CVE-2026-57755

WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57755

Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery

Misbah WP Mosaic Gallery – Advanced Gallery n/a CVE
MEDIUM 6.5 CVE-2026-57754

WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57754

Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder

Livemesh Livemesh Addons for WPBakery Page Builder n/a CVE
MEDIUM 5.3 CVE-2026-57753

WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability_CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce

Nathanbarry Kit (formerly ConvertKit) for WooCommerce n/a CVE
HIGH 8.5 CVE-2026-57752

WordPress iNET Webkit plugin 1.2.4 – SQL Injection vulnerability_CVE-2026-57752

Contributor SQL Injection in iNET Webkit 1.2.4 versions.

iNET iNET Webkit 1.2.4 CVE
HIGH 8.1 CVE-2026-57751

WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57751

Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login

Heateor Support Heateor Social Login n/a CVE
MEDIUM 5.3 CVE-2026-57750

WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability_CVE-2026-57750

Unauthenticated Broken Access Control in ez Form Calculator Premium

Keksdieb ez Form Calculator Premium n/a CVE
HIGH 7.5 CVE-2026-57749

WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability_CVE-2026-57749

Contributor Local File Inclusion in SportsPress Pro

ThemeBoy SportsPress Pro n/a CVE
HIGH 7.5 CVE-2026-57748

WordPress Shopify plugin <= 1.0.0 - Local File Inclusion vulnerability_CVE-2026-57748

Contributor Local File Inclusion in Shopify

Shopify Help Center Shopify n/a CVE
MEDIUM 6.5 CVE-2026-57747

WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-57747

Unauthenticated Cross Site Request Forgery (CSRF) in Booked

ThemeREX Booked n/a CVE