CVE-2026-32419 WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through = 0.93.1...

CVE-2026-32414 WordPress Advanced Woo Labels plugin <= 2.36 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through = 2.36...

CVE-2026-32403 WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

CVE-2026-32399 WordPress Media LIbrary Assistant plugin <= 3.32 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through = 3.32...

CVE-2026-32386

CVE-2026-32386 relates to a Missing Authorization vulnerability in the WordPress Envo Extra plugin (EnvoThemes) version ≤ 1.9.13. The issue is described as broken access control due to incorrectly configured security levels, potentially enabling unauthorized access or actions within Envo Extra. T...

CVE-2026-32365 WordPress Collapsing Archives plugin <= 3.0.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through = 3.0.7...

CVE-2026-32358

The CVE concerns the WordPress Booking Calendar plugin (wpdevelop), version

CVE-2026-32349 WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through = 2.4.7...

CVE-2026-32343

CVE-2026-32343 : A Cross-Site Request Forgery (CSRF) vulnerability affects the WordPress plugin “Easy Table of Contents” (component: easy-table-of-contents) in versions &lt;= 2.0.80. The issue is documented across multiple sources (NVD, Red Hat, ENISA, CVE List) with a CVSS v3.1 base score of 4....

CVE-2026-31918

The CVE affects the WordPress immonex Kickstart plugin (versions up to 1.13.0). The issue is a Stored XSS caused by improper neutralization of input during web page generation in immonex-kickstart. Impact is XSS via stored data, as described; no exploit details or in-the-wild exploitation are pro...

CVE-2026-31916 WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through = 14.2.1...

CVE-2026-31917 WordPress WP ERP plugin <= 1.16.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...

CVE-2026-1704 Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. This is due to the getitempermissionscheck method granting access to users with the...

WordPress plugin Construction Landing Page 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin GLB 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Social Icons Widget & Block by WPZOOM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-25161

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability checks on the form settings save handler and insufficient input sanitization of the fcontent fie...

WordPress plugin wpDiscuz 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin VW Pet Shop 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Geo to Lat SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...