CVE-2026-42688 is a Subscriber Cross Site Scripting (XSS) vulnerability in Modula Image Gallery versions <= 2.14.23. The vulnerability has a CVSS score of 6.5, indicating a MEDIUM severity level. The CVE was published on 2026-06-15T21:16:56.990Z and last modified on 2026-06-15T21:24:32.790Z. For more information, refer to the [CVE-2026-42688 CVE record](resourceLinkAnnotations.cve-org) and [CVE-2026-42688 [truncated]
CVE-2026-39489 is a medium-severity vulnerability (CVSS Score: 4.4) affecting the Download Monitor plugin for WordPress, specifically versions up to 5.1.9. The issue allows an author to download arbitrary files. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
CVE-2026-39481 is a HIGH-severity vulnerability in Modula Image Gallery plugin versions up to 2.14.18. The issue is an Author PHP Object Injection vulnerability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.2.
A Missing Authorization vulnerability in the WP Chill RSVP and Event Management WordPress plugin allows attackers to exploit incorrectly configured access control security levels. The vulnerability affects all versions from n/a through 2.7.16. The issue was published in the CVE database on May 25, 2026, with a subsequent modification on May 26, 2026. The vulnerability is classified as CWE-862 (Missing Aut [truncated]
CVE-2026-27424 is a missing-authorization / broken-access-control issue reported for the WordPress Image Photo Gallery Final Tiles Grid plugin through version 3.6.11. The NVD record maps it to CWE-862 and assigns a CVSS 3.1 score of 4.3 (Medium), with a network-reachable, low-privilege attack path and limited confidentiality impact in the supplied vector. The source data points to a Patchstack advisory fo [truncated]