Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| MEDIUM 5.4 | CVE-2026-39527 | WordPress WpStream plugin < 4.11.2 - Arbitrary File Upload vulnerability | Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions. | sc Internet Vivoo | WpStream | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-39525 | WordPress Booking Activities plugin <= 1.16.48.1 - Broken Access Control vulnerability | Unauthenticated Broken Access Control in Booking Activities | Booking Activities Team | Booking Activities | n/a | CVE |
| HIGH 7.5 | CVE-2026-39524 | WordPress Masteriyo – LMS plugin <= 2.1.5 - Payment Bypass vulnerability | Unauthenticated Broken Access Control in Masteriyo - LMS | ThemeGrill | Masteriyo - LMS | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-39519 | WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability | Unauthenticated SQL Injection in GeekyBot | Ahmad | GeekyBot | n/a | CVE |
| HIGH 7.1 | CVE-2026-39518 | WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability | Subscriber Insecure Direct Object References (IDOR) in EventPrime | EventPrime | EventPrime | n/a | CVE |
| MEDIUM 6.5 | CVE-2026-39515 | WordPress Motors plugin < 1.4.107 - Broken Access Control vulnerability | Subscriber Broken Access Control in Motors < 1.4.107 versions. | StylemixThemes | Motors | n/a | CVE |
| HIGH 7.1 | CVE-2026-39514 | WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability | Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions | Cozmoslabs | Paid Member Subscriptions | n/a | CVE |
| HIGH 7.5 | CVE-2026-39513 | WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability | Unauthenticated Broken Access Control in Easy Appointments | Easy Appointments | Easy Appointments | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-39512 | WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability | Unauthenticated SQL Injection in GeoDirectory | Paolo | GeoDirectory | n/a | CVE |
| CRITICAL 9.3 | CVE-2026-39511 | WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability | Unauthenticated SQL Injection in WP Photo Album Plus | Jacob N. Breetvelt | WP Photo Album Plus | n/a | CVE |