Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2026-39596

WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability_CVE-2026-39596

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.

Creative Themes Blocksy Companion Pro n/a CVE
CRITICAL 9.9 CVE-2026-39589

WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability_CVE-2026-39589

Subscriber Arbitrary File Upload in Webenvo

A WP Life Webenvo n/a CVE
CRITICAL 9.9 CVE-2026-27041

WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability_CVE-2026-27041

Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium)

Studio Keren Aga LTD. Unlimited Elements for Elementor (Premium) n/a CVE
CRITICAL 9.9 CVE-2026-25446

WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability_CVE-2026-25446

Subscriber Arbitrary File Upload in WishList Member X

WishList Products, LLC. WishList Member X n/a CVE
CRITICAL 9.1 CVE-2026-24611

WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability_CVE-2026-24611

Unauthenticated Broken Access Control in MetForm Pro

WPMet MetForm Pro n/a CVE
CRITICAL 9.3 CVE-2026-22340

WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability_CVE-2026-22340

Unauthenticated SQL Injection in WPJobster

Jobster Marketplace WPJobster n/a CVE
CRITICAL 9.3 CVE-2026-22332

WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability_CVE-2026-22332

Unauthenticated SQL Injection in Tutor LMS Pro

Themeum Tutor LMS Pro n/a CVE
CRITICAL 9.9 CVE-2026-22327

WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability_CVE-2026-22327

Subscriber Arbitrary File Upload in Restaurt

Zozothemes Restaurt n/a CVE
CRITICAL 9.8 CVE-2025-69179

WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability_CVE-2025-69179

Unauthenticated Privilege Escalation in Support Ticket Management System

Theme passion Support Ticket Management System n/a CVE
CRITICAL 10 CVE-2025-69129

WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability_CVE-2025-69129

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site

Extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site n/a CVE