A high-severity SQL injection vulnerability, known as CVE-2026-54813, has been discovered in the SureDash plugin. This vulnerability, with a CVSS score of 8.5, allows for blind SQL injection attacks. The issue affects SureDash versions from n/a through 1.8.0. Organizations using this plugin are advised to take immediate action to mitigate the risk. The vulnerability was published on June 17, 2026, and has [truncated]
CVE-2026-49781 is a critical vulnerability in the OttoKit plugin, specifically affecting versions up to and including 1.1.27. This vulnerability allows for unauthenticated PHP object injection, which can lead to severe consequences, including code execution, data breaches, and system compromise. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.8, indicating a critical sever [truncated]
CVE-2026-39470 is a HIGH severity vulnerability in WooCommerce Cart Abandonment Recovery plugin versions < 2.1.0. The vulnerability allows for Privilege Escalation by a Shop manager. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.2.
A Missing Authorization vulnerability in the Presto Player WordPress plugin (versions through 4.1.3) allows authenticated attackers with low privileges to exploit incorrectly configured access control security levels. The vulnerability, classified as CWE-862, was disclosed on May 19, 2026 and carries a CVSS 3.1 score of 4.3 (Medium severity). The issue stems from broken access control mechanisms that fail [truncated]