NVD disclosure day

Published threat advisories for May 2, 2026

CVE-2026-7458

WordPress plugin lets anyone log in as an administrator

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A WordPress plugin vulnerability allows anyone to log in as an administrator without a password, potentially exposing sensitive data and enabling complete site takeover.

NVD published: May 2, 2026

CVE advisoryCRITICAL

CVE-2026-4882

WordPress plugin lets attackers upload files to gain control of your site

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A WordPress plugin flaw allows anyone to upload files to your site, potentially letting them take full control.

NVD published: May 2, 2026