CVE-2026-25447

CVE-2026-25447 describes an Unauthenticated remote code execution vector in the WordPress plugin Widget Wrangler (

CVE-2026-25417

Connected document confirms a concrete vulnerability: WordPress ProfileGrid plugin versions ≤ 5.9.8.1 has a Cross Site Scripting (XSS) flaw discovered by daroo. The issue affects the ProfileGrid plugin for WordPress; no explicit root cause, impact details, or exploit workflow are provided in the ...

CVE-2026-25396 WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...

CVE-2026-25361 WordPress WpEvently plugin <= 5.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through = 5.1.4...

CVE-2026-25347 WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through = 2026.1.0...

CVE-2026-25347

The connected PATCHSTACK entry identifies a Cross Site Scripting (XSS) vulnerability in the WordPress plugin WP REST Cache (versions ≤ 2026.1.0). The flaw is documented as discovered by Nguyen Ba Khanh . The provided material does not specify the exact root cause, affected components beyond the p...

CVE-2026-25346 WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through = 1.8.2...

CVE-2026-25334

CVE-2026-25334 describes an Incorrect Privilege Assignment vulnerability in the WordPress Salon Booking System Pro plugin. Versions prior to 10.30.12 are affected and allow privilege escalation, effectively an account takeover. The public details in the connected sources identify the affected pro...

CVE-2026-25334 WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through 10.30.12...

CVE-2026-25035 WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through = 28.1.2.2...

CVE-2026-24989

CVE-2026-24989 describes a deserialization of untrusted data in the SUMO Affiliates Pro plugin for WordPress (affs), enabling PHP object injection. Affected: SUMO Affiliates Pro versions below 11.4.0. Root cause: deserialization of untrusted input leading to object injection. Impact: according to...

CVE-2026-24979 WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobica Core jobica-core allows Reflected XSS.This issue affects Jobica Core: from n/a through = 1.4.1...

CVE-2026-24980 WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through = 1.4.9...

CVE-2026-24981 WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through = 1.4.9...

CVE-2026-24964

CVE-2026-24964 describes a Server-Side Request Forgery (SSRF) in the WordPress plugin Contest Gallery (contest-gallery). Affected versions are up to and including 28.1.2.1 . The root cause involves improper handling/validation of outgoing requests initiated by the plugin, enabling an attacker to ...

CVE-2026-24373 WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...

CVE-2026-23979 WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2026-22523 WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...

CVE-2026-22484 WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...

WordPress plugin Jobica Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...