Skip to main content

RegistrationMagic WordPress Plugin CSRF to Privilege Escalation Granting Admin Access (CVE-2026-12158)

Scope: RegistrationMagic Plugin Versions up to and Including 6.0.9.1

nginx-proxy-manager Prototype Pollution via JSON Parser Enables Unauthenticated RCE (CVE-2026-13228)

Scope: nginx-proxy-manager-2-rootfs Package Versions Prior to 2.13.1-r0

Download Manager WordPress Plugin Authenticated Stored XSS via Shortcode Attribute (CVE-2026-13733)

Scope: Download Manager WordPress Plugin Versions up to and Including 3.3.60

Custom Payment Gateways for WooCommerce Unauthenticated Stored XSS in Checkout Fields (CVE-2026-7517)

Scope: Custom Payment Gateways for WooCommerce Plugin Versions up to and Including 2.1.0

NEX-Forms WordPress Plugin Unauthenticated Stored XSS via Form Field Name (CVE-2026-12142)

Scope: NEX-Forms Ultimate Forms Plugin for WordPress Versions up to and Including 9.2.2

WP-BusinessDirectory WordPress Plugin Unauthenticated Arbitrary File Deletion (CVE-2026-6070)

Scope: WP-BusinessDirectory WordPress Plugin Versions up to and Including 4.0.1

Adobe ColdFusion Multiple Critical Unauthenticated RCE Vulnerabilities (CVE-2026-48277 / CVE-2026-48281 / CVE-2026-48282 / CVE-2026-48283 / CVE-2026-48313)

Scope: Adobe ColdFusion 2023 (Versions up to 2023.20) and ColdFusion 2025 (Versions up to 2025.9)

Subscribe to Advisories