| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-12277 | Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal | Unknown | Frontend File Manager Plugin | 高危 | - | 2026-07-07 06:00:02 | Deep Dive |
| CVE-2026-12375 | Uncanny Automator Pro 7.3.0.5 - Backdoor via Compromised Vendor Update Server | Unknown | uncanny-automator-pro | 超危 | - | 2026-07-07 06:00:02 | Deep Dive |
| CVE-2026-4375 | DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE | Unknown | DoLeads Integrator | 超危 | - | 2026-07-07 06:00:02 | Deep Dive |
| CVE-2026-10834 | WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image | Unknown | WP Travel Engine | 中危 | - | 2026-07-07 06:00:01 | Deep Dive |
| CVE-2026-6382 | Multiple elFinder Plugins - Authenticated OS Command Injection | Unknown | FileOrganizer | 超危 | - | 2026-07-06 06:00:02 | Deep Dive |
| CVE-2026-11855 | Simple Membership < 4.7.5 - Unauthenticated Stored XSS via Stripe Webhook API Version | Unknown | Simple Membership | 高危 | - | 2026-07-06 06:00:02 | Deep Dive |
| CVE-2026-11962 | FileOrganizer < 1.2.0 - Authenticated Arbitrary File Upload via elFinder File Operations | Unknown | FileOrganizer | 高危 | - | 2026-07-06 06:00:02 | Deep Dive |
| CVE-2026-12083 | Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter | Unknown | Admin and Site Enhancements (ASE) | 高危 | - | 2026-07-06 06:00:02 | Deep Dive |
| CVE-2026-11766 | Ultimate Member < 2.12.0 - Subscriber+ Stored XSS via Custom Textarea Profile Fields | Unknown | Ultimate Member | 高危 | - | 2026-07-06 06:00:01 | Deep Dive |
| CVE-2026-10830 | AllCoach < 1.0.2 - Unauthenticated Account Takeover | Unknown | AllCoach | 高危 | - | 2026-07-06 06:00:01 | Deep Dive |
| CVE-2024-6228 | WANotifier < 2.6 - Subscriber+ LFI | Unknown | Notifications for Forms & WordPress Actions | 高危 | - | 2026-07-06 06:00:01 | Deep Dive |
| CVE-2026-11578 | Fluent Forms < 6.2.5 - Form Manager+ Cross-Form Submission Entry Deletion via IDOR | Unknown | Fluent Forms | 低危 | - | 2026-07-02 06:00:03 | Deep Dive |
| CVE-2026-11965 | User Registration & Membership < 5.2.0 - Unauthenticated Paid Membership Bypass | Unknown | User Registration & Membership | 中危 | - | 2026-07-02 06:00:03 | Deep Dive |
| CVE-2026-11781 | Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX | Unknown | Adminify | 低危 | - | 2026-07-02 06:00:03 | Deep Dive |
| CVE-2026-10077 | YOOtheme Pro < 5.0.35 - Author+ Stored XSS via UIkit Data Attributes | Unknown | yootheme | 中危 | - | 2026-07-02 06:00:02 | Deep Dive |
| CVE-2026-11887 | Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass | Unknown | Salon Booking System | 中危 | - | 2026-07-01 06:00:03 | Deep Dive |
| CVE-2026-11880 | Fluent Forms < 6.2.1 - Subscriber+ Subscription Cancellation via IDOR | Unknown | Fluent Forms | 低危 | - | 2026-07-01 06:00:03 | Deep Dive |
| CVE-2026-11883 | WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass | Unknown | WebAuthn Provider for Two Factor | 高危 | - | 2026-07-01 06:00:03 | Deep Dive |
| CVE-2026-11568 | Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data | Unknown | Product Configurator for WooCommerce | 高危 | - | 2026-07-01 06:00:02 | Deep Dive |
| CVE-2026-11562 | WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update | Unknown | WS Form LITE | 中危 | - | 2026-07-01 06:00:02 | Deep Dive |