XSS Vulnerability in Floating Menu Plugin//Published on 2026-05-20//CVE-2026-4811
WordPress stored XSS in WPB Floating Menu; patch to 1.0.9 and harden security.
Plugin Vulnerabilities
Critical Arbitrary File Upload in WooCommerce Plugin//Published on 2026-05-20//CVE-2026-45444
Urgent security advisory for CVE-2026-45444 in Gift Cards for WooCommerce Pro; mitigation and hardening.
Critical Arbitrary File Upload in WooCommerce Plugin//Published on 2026-05-20//CVE-2026-45444
Urgent security advisory for CVE-2026-45444 in Gift Cards for WooCommerce Pro; mitigation and hardening.
Investigating XSS Vulnerability in Visualizer Plugin//Published on 2026-05-20//CVE-2026-24573
CVE-2026-24573 Visualizer XSS explained with immediate remediation and WAF guidance
WordPress Final Tiles Grid Access Control Vulnerability//Published on 2026-05-20//CVE-2026-27424
WordPress broken access control CVE-2026-27424 Final Tiles Grid Gallery patch and WAF guidance
Critical Access Control Flaw in WpBookingly Plugin//Published on 2026-05-20//CVE-2026-27405
Broken access control in WpBookingly CVE-2026-27405 with patch to 1.3.0.
Critical Access Control Flaw in WpBookingly Plugin//Published on 2026-05-20//CVE-2026-27405
Broken access control in WpBookingly CVE-2026-27405 with patch to 1.3.0.
WordPress Final Tiles Grid Access Control Vulnerability//Published on 2026-05-20//CVE-2026-27424
WordPress broken access control CVE-2026-27424 Final Tiles Grid Gallery patch and WAF guidance
Npm libp2p kad dht Security Advisory//Published on 2026-05-20//CVE-2026-45783
Unvalidated PUT_VALUE vulnerability in kad-dht CVE-2026-45783; guidance for WordPress owners to patch and mitigate
Critical Vulnerability Discovered in turbo codemod Package//Published on 2026-05-20//CVE-2026-45772
Covers CVE-2026-45772 in @turbo/codemod, impact on WordPress, and protective steps.