CVE-2026-24984 WordPress Visual Link Preview plugin <= 2.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Link Preview: from n/a through <= 2.2.9...
CVE-2026-24952
Summary: CVE-2026-24952 affects the WordPress plugin Seriously Simple Podcasting (≤ 3.14.1). The issue is stored Cross-Site Scripting caused by improper input handling during web page generation. Impact: CVSSv3.1 base score 6.5 (Medium); confidentiality, integrity, and availability are LOW. Root ...
WordPress Brizy plugin <= 2.4.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Form Functionality vulnerability discovered by RandomRoot in WordPress Plugin Brizy versions <= 2.4.43...
WordPress Store Locator plugin <= 3.98.9 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Jay Nguyen in WordPress Plugin Store Locator versions <= 3.98.9...
WordPress Web3 Cryptocurrency Payments by DePay for WooCommerce plugin <= 2.12.17 - Missing Authorization to Information Exposure vulnerability
Missing Authorization to Information Exposure vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Web3 Cryptocurrency Payments by DePay for WooCommerce versions <= 2.12.17...
WordPress EmbedPress plugin <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via PDF Widget URL vulnerability discovered by RandomRoot in WordPress Plugin EmbedPress versions <= 3.9.10...
WordPress WooCommerce Social Login plugin <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions <= 2.7.3...
WordPress Salient Shortcodes plugin <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Shortcodes versions <= 1.5.3...
WordPress Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability
Open Redirection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress versions <= 1.4.1...
WordPress Secure Copy Content Protection and Content Locking plugin < 4.1.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Secure Copy Content Protection and Content Locking versions < 4.1.7...
CVE-2026-0825 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to download...
WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin aDirectory versions <= 3.0.3...
WordPress plugin AhaChat Messenger Marketing has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-24624
CVE-2026-24624 pertains to WordPress Neoforum plugin with SAEROS1984 Neoforum: SQL injection allowing Blind SQL Injection in Neoforum versions up to 1.0. Public risk details mention affected product and vulnerability type; no patch/version fix details are provided in the connected documents.
CVE-2026-24622 WordPress Suggestion Toolkit plugin <= 5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Suggestion Toolkit: from n/a through <= 5.0...
CVE-2026-24556
CVE-2026-24556 affects WordPress ElementCamp plugin (ElementCamp, element-camp) up to version 2.3.2. The issue is a Missing/Broken Authorization vulnerability in the access-control configuration that may allow unauthorized actions. Public details in connected sources confirm the root cause as inc...
CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebP Conversion: from n/a through <= 2.2...
WordPress Sunshine Photo Cart plugin <= 3.5.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Sunshine Photo Cart versions <= 3.5.7.2...
WordPress plugin Points and Rewards for WooCommerce has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-24358 WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.3...