Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-56032

WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability_CVE-2026-56032

Subscriber PHP Object Injection in Buddyboss Platform

BuddyBoss Buddyboss Platform n/a CVE
HIGH 8.1 CVE-2026-56031

WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability_CVE-2026-56031

Unauthenticated PHP Object Injection in Uncanny Automator

Uncanny Owl Uncanny Automator n/a CVE
CRITICAL 9.8 CVE-2026-56030

WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability_CVE-2026-56030

Unauthenticated Privilege Escalation in Paytium

paytiumsupport Paytium n/a CVE
HIGH 7.5 CVE-2026-56029

WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability_CVE-2026-56029

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway

corvuspay CorvusPay WooCommerce Payment Gateway n/a CVE
CRITICAL 9.8 CVE-2026-56028

WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability_CVE-2026-56028

Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates

themewant Easy Elements for Elementor – Addons & Website Templates n/a CVE
CRITICAL 9.9 CVE-2026-56027

WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability_CVE-2026-56027

Customer Arbitrary File Upload in Booster for WooCommerce

Pluggabl Booster for WooCommerce n/a CVE
MEDIUM 6.4 CVE-2026-56026

WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability_CVE-2026-56026

Subscriber Server Side Request Forgery (SSRF) in utm.codes

Chris Carlevato utm.codes n/a CVE
HIGH 7.5 CVE-2026-56025

WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability_CVE-2026-56025

Unauthenticated Broken Access Control in Paymob for WooCommerce

Paymob Paymob for WooCommerce n/a CVE
HIGH 7.1 CVE-2026-56011

WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56011

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress

chrisvrichardson MapPress Maps for WordPress n/a CVE
HIGH 8.8 CVE-2026-56010

WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability_CVE-2026-56010

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce

Tyche Softwares. Abandoned Cart Pro for WooCommerce n/a CVE