WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin aDirectory versions <= 3.0.3...
WordPress plugin AhaChat Messenger Marketing has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-24624
CVE-2026-24624 pertains to WordPress Neoforum plugin with SAEROS1984 Neoforum: SQL injection allowing Blind SQL Injection in Neoforum versions up to 1.0. Public risk details mention affected product and vulnerability type; no patch/version fix details are provided in the connected documents.
CVE-2026-24622 WordPress Suggestion Toolkit plugin <= 5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Suggestion Toolkit: from n/a through <= 5.0...
CVE-2026-24556
CVE-2026-24556 affects WordPress ElementCamp plugin (ElementCamp, element-camp) up to version 2.3.2. The issue is a Missing/Broken Authorization vulnerability in the access-control configuration that may allow unauthorized actions. Public details in connected sources confirm the root cause as inc...
CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebP Conversion: from n/a through <= 2.2...
WordPress Sunshine Photo Cart plugin <= 3.5.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Sunshine Photo Cart versions <= 3.5.7.2...
WordPress plugin Points and Rewards for WooCommerce has security vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-24358 WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.3...
CVE-2026-24355
Summary: CVE-2026-24355 is a Stored XSS in the Houzez Theme - Functionality (Houzez Theme - Functionality plugin) for WordPress. The issue arises from improper neutralization of input during web page generation, allowing stored malicious payloads to be executed in the context of the affected site...
CVE-2026-22388
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS. This issue affects Owl Carousel WP: from n/a through <= 2.2.2...
CVE-2025-69311 WordPress Broadstreet Ads plugin <= 1.52.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Broadstreet Ads: from n/a through <= 1.52.1...
CVE-2025-69186
CVE-2025-69186: Missing Authorization in the Hospital Doctor Directory WordPress plugin (hospital-doctor-directory
CVE-2025-69183
CVE-2025-69183 describes an Authenticated Privilege Escalation in the WordPress plugin “Hospital Doctor Directory” (e-plugins) where an incorrect privilege assignment allows subscriber+ users to escalate privileges. Affected version range:
CVE-2025-69056 WordPress Hotel Listing plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Hotel Listing hotel-listing allows Reflected XSS. This issue affects Hotel Listing: from n/a through <= 1.4.0...
CVE-2025-68898
The CVE-2025-68898 issue is a Stored XSS in Synergy Project Manager (WordPress plugin) versions up to and including 1.5, caused by improper input handling during web page generation. Based on connected records, there is no published fix in the provided sources; patch/status shows as Unpatched. Af...
CVE-2025-68883 WordPress bidorbuy Store Integrator plugin <= 2.12.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS. This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0...
CVE-2025-68857 WordPress Paid Downloads plugin <= 3.15 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through <= 3.15...
CVE-2025-68849
CVE-2025-68849 — Quote Master WordPress plugin (
CVE-2025-68058 WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Institutions Directory: from n/a through <= 1.3..4...