EUVD-2026-36855
Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...
EUVD-2026-36849
Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...
EUVD-2026-36847
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
EUVD-2026-36841
Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...
EUVD-2026-36839
Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...
CVE-2026-42665
Summary (CVE-2026-42665): Unauthenticated SQL Injection in the WordPress plugin “WP Data Access” (versions
EUVD-2026-36823
Unauthenticated Cross Site Scripting XSS in Classified Listing <= 5.3.8 versions...
CVE-2026-42658 WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Classified Listing <= 5.3.8 versions...
CVE-2026-42658
The CVE-2026-42658 entry concerns the WordPress Classified Listing plugin, affected versions
EUVD-2026-36819
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions...
CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions...
EUVD-2026-36816
Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...
EUVD-2026-36813
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...
CVE-2026-40785 WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions...
CVE-2026-39472
The CVE-2026-39472 affects the WordPress WooCommerce PDF Invoices & Packing Slips plugin prior to version 5.9.0, where a PHP Object Injection vulnerability was reported affecting shop manager operations. The root cause is a PHP Object Injection flaw in this plugin version, with CVSS 3.1 base metr...
CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions...
CVE-2026-25425
CVE-2026-25425 concerns the WordPress plugin User Registration (versions ≤ 5.1.2). The connected sources confirm an Unauthenticated Broken Access Control vulnerability in this plugin, affecting its ability to restrict access to certain functions or data. The CVE entry explicitly lists the issue a...
CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions...
CVE-2026-9595 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies
Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...
Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban
Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse by adversaries. Reuters reports that Anthropic said it will "abruptly disable" its most advanced AI models for all users after the US government ordered it to suspend access...