Recent Advisories

Severity ID Title Vendor Product Date Type
NONE 2F37FB50-1C17-

Poc_2F37FB50-1C17-5CF9-B22D-FCF5E9C8EBC5

No description provided...

N/A N/A GITHUBEXPLOIT
NONE THN:C9A1143D73F...

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos_THN:C9A1143D73F05246E3C8D296B1E09C36

N/A N/A THN
CRITICAL 9.8 THN:84197EDE93C...

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations_THN:84197EDE93C292DD6425E3EC1760B383

N/A N/A THN
HIGH 8.1 CVE-2026-5821

Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection_CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficien...

elemntor Image Optimizer – Optimize Images and Convert to WebP or AVIF CVE
MEDIUM 5.3 CVE-2026-5348

Academy LMS <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure_CVE-2026-5348

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in ve...

kodezen Academy LMS – WordPress LMS Plugin for Complete eLearning Solution CVE
HIGH 7.5 CVE-2026-14249

Request a Quote Form Plugin <= 2.5.5 - Unauthenticated Code Injection via 'path' Parameter_CVE-2026-14249

The Request a Quote plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 2.5.5 via the emd_delete_file AJAX actio...

emarket-design Request a Quote – Quote Forms for Any WordPress Site CVE
MEDIUM 6.4 CVE-2026-13704

GiveWP <= 4.16.1 - Authenticated (Give Worker+) Stored Cross-Site Scripting via Sequoia Form_CVE-2026-13704

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sequoia[introducti...

stellarwp GiveWP – Donation Plugin and Fundraising Platform CVE
MEDIUM 4.9 CVE-2026-13357

Houzez Property Feed <= 2.5.46 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter_CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5....

propertyhive Houzez Property Feed CVE
MEDIUM 4.3 CVE-2026-11600

Envo’s Templates & Widgets for Elementor and WooCommerce <= 1.4.26 - Missing Authorization to Authenticated (Author+) Private Content Disclosure via Envo Tabs Widget 'templates' Setting_CVE-2026-11600

The Envo's Templates & Widgets for Elementor and WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing aut...

envothemes Envo's Templates & Widgets for Elementor and WooCommerce CVE
MEDIUM 4.3 CVE-2026-11592

Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action_CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to a...

icegram Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress CVE