Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.7 CVE-2026-11578

Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manage...

Unknown Fluent Forms CVE
MEDIUM 6.8 CVE-2026-10077

YOOtheme Pro < 5.0.35 - Author+ Stored XSS via UIkit Data Attributes

The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permit...

Unknown yootheme CVE
MEDIUM 5.3 CVE-2026-57760

WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This ...

Sendcloud Sendcloud Shipping n/a CVE
HIGH 7.1 CVE-2026-57678

WordPress Slider Revolution plugin 7.0.0-7.0.16 – Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected...

ThemePunch Slider Revolution 7.0.0 CVE
HIGH 8.8 CVE-2026-56037

WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a throu...

Themify Themify Popup n/a CVE
MEDIUM 6.4 CVE-2026-14449

POST-based reflected XSS via the thanks parameter in form components

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

u5CMS u5CMS CVE
CRITICAL 9.8 CVE-2026-5524

Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and includ...

Divi Engine Divi Form Builder CVE
MEDIUM 5.3 CVE-2026-58653

PraisonAI – Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can cr...

PraisonAI PraisonAI CVE
HIGH 7.7 CVE-2026-58652

luci-app-travelmate – Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL...

openwrt luci-app-travelmate 2.4.5-r3 CVE
MEDIUM 5.4 CVE-2026-4772

Stored XSS in TR7’s WAF-ASP

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Store...

TR7 Cyber Defense Inc. WAF-ASP v1.0.324.900 CVE