1698 matches found

Cvelist
added 2026/01/22 4:52 p.m. | 16 views

CVE-2026-24358 WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.3...

CVSS 4.3 | EPSS 0.00048
Exploits 0 | References 1

CVE
added 2026/01/22 4:52 p.m. | 8 views

CVE-2026-24355

Summary: CVE-2026-24355 is a Stored XSS in the Houzez Theme - Functionality (Houzez Theme - Functionality plugin) for WordPress. The issue arises from improper neutralization of input during web page generation, allowing stored malicious payloads to be executed in the context of the affected site...

CVSS 6.5 | AI score 5.4 | EPSS 0.00064
Exploits 0 | References 1

ATTACKERKB
added 2026/01/22 4:52 p.m. | 2 views

CVE-2026-22388

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS. This issue affects Owl Carousel WP: from n/a through <= 2.2.2...

CVSS 5.9 | AI score 5.3 | EPSS 0.00017
Exploits 0 | References 2

Cvelist
added 2026/01/22 4:52 p.m. | 13 views

CVE-2025-69311 WordPress Broadstreet Ads plugin <= 1.52.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Broadstreet Ads: from n/a through <= 1.52.1...

CVSS 7.6 | EPSS 0.00073
Exploits 0 | References 1

CVE
added 2026/01/22 4:52 p.m. | 10 views

CVE-2025-69186

CVE-2025-69186: Missing Authorization in the Hospital Doctor Directory WordPress plugin (hospital-doctor-directory

CVSS 7.3 | AI score 5.4 | EPSS 0.0007
Exploits 0 | References 1

CVE
added 2026/01/22 4:52 p.m. | 7 views

CVE-2025-69183

CVE-2025-69183 describes an Authenticated Privilege Escalation in the WordPress plugin “Hospital Doctor Directory” (e-plugins) where an incorrect privilege assignment allows subscriber+ users to escalate privileges. Affected version range:

CVSS 8.8 | AI score 5.4 | EPSS 0.00075
Exploits 0 | References 1

Cvelist
added 2026/01/22 4:52 p.m. | 14 views

CVE-2025-69056 WordPress Hotel Listing plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Hotel Listing hotel-listing allows Reflected XSS. This issue affects Hotel Listing: from n/a through <= 1.4.0...

CVSS 7.1 | EPSS 0.00064
Exploits 0 | References 1

CVE
added 2026/01/22 4:52 p.m. | 7 views

CVE-2025-68898

The CVE-2025-68898 issue is a Stored XSS in Synergy Project Manager (WordPress plugin) versions up to and including 1.5, caused by improper input handling during web page generation. Based on connected records, there is no published fix in the provided sources; patch/status shows as Unpatched. Af...

CVSS 5.8 | AI score 5.4 | EPSS 0.00064
Exploits 0 | References 1

Cvelist
added 2026/01/22 4:52 p.m. | 13 views

CVE-2025-68883 WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS. This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0...

CVSS 7.1 | EPSS 0.00064
Exploits 0 | References 1

Vulnrichment
added 2026/01/22 4:52 p.m. | 2 views

CVE-2025-68857 WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through <= 3.15...

AI score 5.9 | EPSS 0.00058
Exploits 0 | References 1

CVE
added 2026/01/22 4:52 p.m. | 10 views

CVE-2025-68849

CVE-2025-68849 — Quote Master WordPress plugin (

CVSS 7.1 | AI score 5.4 | EPSS 0.00064
Exploits 0 | References 1

Vulnrichment
added 2026/01/22 4:52 p.m. | 1 views

CVE-2025-68058 WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Institutions Directory: from n/a through <= 1.3..4...

CVSS 7.6 | AI score 5.9 | EPSS 0.0002
Exploits 0 | References 1

CVE
added 2026/01/22 4:52 p.m. | 5 views

CVE-2025-68059

CVE-2025-68059: WordPress plugin Hotel Listing (versions up to 1.4.2) has a Missing Authorization / Broken Access Control vulnerability in e-plugins Hotel Listing. The issue arises from incorrectly configured access control security levels, enabling unauthorized access to protected functions. Pu...

CVSS 7.6 | AI score 5.4 | EPSS 0.0002
Exploits 0 | References 1

Vulnrichment
added 2026/01/22 4:52 p.m. | 1 views

CVE-2025-68027 WordPress Hydra Booking plugin <= 1.1.32 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation. This issue affects Hydra Booking: from n/a through <= 1.1.32...

AI score 5.9 | EPSS 0.0007
Exploits 0 | References 1

CVE
added 2026/01/22 4:51 p.m. | 7 views

CVE-2025-67947

CVE-2025-67947 affects AdForest Elementor (adforest-elementor) for WordPress, with an unauthenticated Reflected XSS due to improper input handling during web page generation. Affected version range:

CVSS 7.1 | AI score 5.4 | EPSS 0.00064
Exploits 0 | References 1

Cvelist
added 2026/01/22 4:51 p.m. | 15 views

CVE-2025-67945 WordPress MailerLite – WooCommerce integration plugin <= 3.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection. This issue affects MailerLite – WooCommerce integration: from n/a through <= 3.1.2...

CVSS 9.3 | EPSS 0.00058
Exploits 0 | References 1

Vulnrichment
added 2026/01/22 4:51 p.m. | 1 views

CVE-2025-53240 WordPress WordPress Photo Gallery plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS. This issue affects WordPress Photo Gallery: from n/a through <= 1.1.0...

CVSS 7.1 | AI score 5.9 | EPSS 0.00019
Exploits 0 | References 1

Cvelist
added 2026/01/22 4:51 p.m. | 17 views

CVE-2025-27005 WordPress HTML5 Video Player plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS. This issue affects HTML5 Video Player: from n/a through <= 5.3.5...

CVSS 7.1 | EPSS 0.00064
Exploits 0 | References 1

Patchstack
added 2026/01/22 6:51 a.m. | 4 views

WordPress Institutions Directory plugin <= 1.3.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Institutions Directory versions <= 1.3.4...

CVSS 8.8 | AI score 5.4 | EPSS 0.00075
Exploits 0 | Affected Software 1

CNNVD
added 2026/01/22 12:0 a.m. | 2 views

WordPress plugin REHub Framework has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 4.3 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 1