WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability

User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...

CVE-2026-56028

Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...

CVE-2026-56030

Unauthenticated Privilege Escalation in Paytium = 5.0.2 versions...

EUVD-2026-39696

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

CVE-2026-56030

CVE-2026-56030 affects WordPress Paytium plugin (versions

CVE-2026-56028 WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...

EUVD-2026-39691

Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...

WordPress SignUp & SignIn plugin <= 1.0.0 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin SignUp & SignIn versions = 1.0.0...

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin = 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions = 3.4.29...

CVE-2026-27395 WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

PT-2026-50087

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

EUVD-2026-36968

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

EUVD-2026-36966

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

EUVD-2026-36922

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

CVE-2026-49063

Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...

CVE-2026-34901

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

PT-2026-49403

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

PT-2026-49367

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

PT-2026-49401

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

PT-2026-49222

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...