| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-8689 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification via renderChartPages() and uploadData() Functions | themeisle | Visualizer: Tables and Charts Manager for WordPress | Medium | 4.3 | 2026-05-28 07:43:43 |
| CVE-2026-7526 | PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page | smub | PDF Embedder | Medium | 4.3 | 2026-05-28 07:43:42 |
| CVE-2026-9807 | Incorrect Authorization in GitLab | GitLab | GitLab | Medium | 4.3 | 2026-05-28 07:34:38 |
| CVE-2026-4408 | Samba: remote code execution in samr | Red Hat | Red Hat Enterprise Linux 10 | Critical | 9.0 | 2026-05-28 07:25:27 |
| CVE-2026-7797🧪 | Appointment Booking Calendar <= 1.6.11.8 - Unauthenticated SQL Injection via 'append_where_sql' Parameter | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.5 | 2026-05-28 06:45:43 |
| CVE-2026-7052 | HT Contact Form <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | High | 7.2 | 2026-05-28 06:45:43 |
| CVE-2026-7660 | Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter | davidanderson | Easy Updates Manager | Medium | 6.1 | 2026-05-28 06:45:42 |
| CVE-2026-6455 | WP Contact Form 7 DB Handler <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion via 'contact_form' Parameter | yudiz | WP Contact Form 7 DB Handler | High | 8.1 | 2026-05-28 06:45:42 |
| CVE-2026-8682 | 3D Viewer <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification via settings REST endpoint | hasanazizul | 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On | Medium | 4.3 | 2026-05-28 06:45:42 |
| CVE-2026-7621 | SMTP2GO for WordPress <= 1.16.0 - Missing Authorization to Authenticated (Subscriber+) Log Read/Truncate | smtp2go | SMTP2GO for WordPress – Email Made Easy | Medium | 4.3 | 2026-05-28 06:45:41 |
| CVE-2026-7552 | Geo Mashup <= 1.13.19 - Missing Authorization to Unauthenticated Plugin Settings Disclosure via 'geo_mashup_content' Parameter | cyberhobo | Geo Mashup | Medium | 5.3 | 2026-05-28 06:45:41 |
| CVE-2026-6427 | a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element | a3rev | a3 Lazy Load | Medium | 6.4 | 2026-05-28 06:45:40 |
| CVE-2026-9227 | GutenBee <= 2.20.1 - Authenticated (Author+) Arbitrary File Upload via wp_check_filetype_and_ext Filter | cssigniterteam | GutenBee – Gutenberg Blocks | High | 8.8 | 2026-05-28 06:45:40 |
| CVE-2026-7651 | User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2026-05-28 06:45:39 |
| CVE-2026-9618 | PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 4.3 | 2026-05-28 06:45:39 |
| CVE-2026-7634 | SlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header | veronalabs | SlimStat Analytics | High | 7.2 | 2026-05-28 06:45:38 |
| CVE-2026-9806 | Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names | misp | cti-transmute | - | - | 2026-05-28 06:41:49 |
| CVE-2026-7862 | Eupago Gateway For Woocommerce < 4.7.2 - Unauthenticated Arbitrary Refund Initiation | Unknown | Eupago Gateway For Woocommerce | - | - | 2026-05-28 06:00:12 |
| CVE-2026-44604🧪 | Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command | Red Hat | Pen Drive Powered by Red Hat Lightspeed | High | 7.0 | 2026-05-28 05:59:21 |
| CVE-2026-7533 | Easy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' Parameter | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 4.3 | 2026-05-28 05:30:41 |