Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-54807

WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability_CVE-2026-54807

Unauthenticated Privilege Escalation in Registration Form for WooCommerce

ThemeGrill Registration Form for WooCommerce n/a CVE
CRITICAL 9.8 CVE-2026-54806

WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability_CVE-2026-54806

Unauthenticated PHP Object Injection in WP Activity Log

Melapress WP Activity Log n/a CVE
CRITICAL 9.8 CVE-2026-54803

WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability_CVE-2026-54803

Subscriber Privilege Escalation in SMS Alert Order Notifications

Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications n/a CVE
CRITICAL 9.3 CVE-2026-54187

WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability_CVE-2026-54187

Unauthenticated SQL Injection in JetEngine

Jetimpex Inc. JetEngine n/a CVE
CRITICAL 9.3 CVE-2026-54186

WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability_CVE-2026-54186

Unauthenticated SQL Injection in JobSearch

eyecix JobSearch n/a CVE
CRITICAL 9.8 CVE-2026-52706

WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability_CVE-2026-52706

Unauthenticated PHP Object Injection in JetEngine

Jetimpex Inc. JetEngine n/a CVE
CRITICAL 9 CVE-2026-52705

WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vulnerability_CVE-2026-52705

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms

BDthemes SigmaForms Pro – AI Generated Forms 1.4.5 CVE
CRITICAL 9.8 CVE-2026-49767

WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability_CVE-2026-49767

Unauthenticated Broken Authentication in wpForo Forum

Tomdever wpForo Forum n/a CVE
CRITICAL 9.8 CVE-2026-49107

WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability_CVE-2026-49107

Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.

Thrive Themes Thrive Apprentice n/a CVE
CRITICAL 9.3 CVE-2026-49084

WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability_CVE-2026-49084

Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.

Jetimpex Inc. JetEngine n/a CVE