Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 PACKETSTORM:224390

Docmost 0.70.2 Authorization Bypass

In Docmost versions 0.70.0 through 0.70.2, restricted child pages hidden from public share viewers could still leak through public share search res...

N/A N/A PACKETSTORM
MEDIUM 6.5 CVE-2026-8380

Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion,...

Unknown Frontend File Manager Plugin CVE
MEDIUM 6.8 CVE-2026-9699

Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions

Mattermost Mattermost CVE
MEDIUM 5.3 CVE-2026-57665

WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in GravityView

GravityKit GravityView n/a CVE
MEDIUM 4.3 CVE-2026-57664

WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder

VillaTheme Bopo – WooCommerce Product Bundle Builder n/a CVE
MEDIUM 5.4 CVE-2026-57661

WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPComplete

Nexcess WPComplete n/a CVE
MEDIUM 5.3 CVE-2026-57660

WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking and Rental Manager

magepeopleteam Booking and Rental Manager n/a CVE
MEDIUM 4.3 CVE-2026-57657

WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP

Noor Alam Gmail SMTP n/a CVE
MEDIUM 5.9 CVE-2026-57656

WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting (XSS) in Hester Core

peregrinethemes Hester Core n/a CVE
MEDIUM 6.5 CVE-2026-57654

WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability

Affiliate Broken Access Control in Affiliates Manager

wp.insider Affiliates Manager n/a CVE