Skip to main content

SimpleHelp RMM Authentication Bypass Under Active Exploitation Delivering TaskWeaver and Djinn Stealer (CVE-2026-48558)

Scope: SimpleHelp Remote Monitoring and Management (RMM) Versions 5.5.15 and Earlier, and 6.0 Pre-Re

EventON WordPress Plugin SQL Injection Exposes Database Contents (CVE-2026-9711)

Scope: EventON WordPress Plugin (Versions Affected, Exact Range Unspecified in Source Material)

Open VSX Registry Stored XSS Enables Supply Chain Attack Against VS Code, Cursor, and Windsurf (CVE-2026-13323)

Scope: Open VSX Registry Versions Prior to 1.0.2 (Affects VS Code, VSCodium, Cursor, Windsurf, and O

RegistrationMagic WordPress Plugin CSRF to Privilege Escalation Granting Admin Access (CVE-2026-12158)

Scope: RegistrationMagic Plugin Versions up to and Including 6.0.9.1

nginx-proxy-manager Prototype Pollution via JSON Parser Enables Unauthenticated RCE (CVE-2026-13228)

Scope: nginx-proxy-manager-2-rootfs Package Versions Prior to 2.13.1-r0

Download Manager WordPress Plugin Authenticated Stored XSS via Shortcode Attribute (CVE-2026-13733)

Scope: Download Manager WordPress Plugin Versions up to and Including 3.3.60

Custom Payment Gateways for WooCommerce Unauthenticated Stored XSS in Checkout Fields (CVE-2026-7517)

Scope: Custom Payment Gateways for WooCommerce Plugin Versions up to and Including 2.1.0

Subscribe to Advisories