May 16, 2026CVE-2025-68049 affects the Bunnycdn WordPress plugin (up to version 2.3.6) with a medium severity (CVSS 4.3) vulnerability allowing unauthorized access.…
May 16, 2026CVE-2026-27416 affects the PDF Poster plugin for WordPress (versions ≤ 2.4.1) with a CVSS score of 5.3. Update to version…
May 16, 2026CVE-2025-68604 affects the WP GraphQL plugin (up to 2.5.3) with a medium severity (CVSS 4.3) due to cross-site request forgery.…
May 16, 2026CVE-2026-27415 affects the Woo Bulk Editor plugin for WordPress (up to version 1.1.5) with a medium severity (CVSS 4.3) CSRF…
May 16, 2026CVE-2025-62127 affects the WEN Logo Slider plugin (up to v3.4.0) with a CVSS score of 6.4. This medium-severity XSS vulnerability…
May 16, 2026CVE-2025-66105 affects the Bus Ticket Booking with Seat Reservation plugin for WordPress (up to v5.6.8). This medium severity vulnerability allows…
May 15, 2026CVE-2025-4202 affects the Multicollab plugin for WordPress (up to version 5.2) with a CVSS score of 4.3. Authenticated users can…
May 15, 2026CVE-2026-6708 affects the HEL Online Classroom plugin (up to v1.0.3) with a CVSS score of 5.3. Unauthenticated attackers can delete…
May 15, 2026CVE-2025-14767 affects the WPC Badge Management plugin (up to 3.1.6) with a CVSS score of 5.5. Authenticated attackers can exploit…
May 15, 2026CVE-2026-6913 affects the Shortcodely plugin for WordPress (up to version 1.0.1) with a CVSS score of 6.4. It allows authenticated…
May 15, 2026CVE-2026-8681 affects the Essential Chat Support plugin (up to version 1.0.1) with a medium severity CVSS score of 5.3. Unauthenticated…
May 15, 2026CVE-2026-6709 affects the Coinbase Commerce for Contact Form 7 plugin (v1.1.2 and lower), allowing authenticated attackers to overwrite API keys…
May 15, 2026CVE-2026-6710 affects the Skysa Text Ticker App plugin for WordPress (up to version 1.4) with a CVSS score of 4.3.…
May 15, 2026CVE-2026-7661 affects the Bootstrap Shortcode plugin for WordPress (up to version 1.0) with a CVSS score of 6.4. Authenticated attackers…
May 15, 2026CVE-2026-5693 affects the Smart Appointment Booking plugin (versions
May 15, 2026CVE-2026-5340 affects the Fancy Image Show plugin for WordPress (up to v9.1), allowing authenticated users to inject stored XSS. Patch…
May 15, 2026CVE-2026-5715 affects the Voyage Plus plugin for WordPress (up to version 1.0.6) with a medium severity CVSS score of 6.4.…
May 15, 2026CVE-2026-6256 affects the Source Shortcode plugin for WordPress (v1.2 and earlier) with a CVSS score of 6.4. Authenticated users can…
May 15, 2026CVE-2026-5028 affects the Eight Day Week Print Workflow plugin for WordPress (up to version 1.2.6) with a medium severity (CVSS…
May 15, 2026CVE-2026-7659 affects the Advanced Social Media Icons plugin (up to v1.2) with a medium severity CVSS score of 6.4. Authenticated…
