WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.37 - Authenticated (Subscriber+) SQL Injection via File Name vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.37 - Authenticated Subscriber+ SQL Injection via File Name vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.37...

CVE-2026-27090

CVE-2026-27090 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin Kenta Companion (kenta-companion) , affecting versions up to 1.3.3 . The available documents identify the vulnerability and affected component but do not provide explicit exploit details, attack vectors, or remed...

CVE-2026-27074 WordPress Shortcoder plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in vaakash Shortcoder shortcoder allows Stored XSS.This issue affects Shortcoder: from n/a through = 6.5.1...

CVE-2026-27066

...

CVE-2026-27059 WordPress Penci Recipe plugin <= 4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through = 4.1...

CVE-2026-27057

CVE-2026-27057 concerns the WordPress plugin Penci Filter Everything by PenciDesign (versions

CVE-2026-27057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through = 1.7...

CVE-2026-25473 WordPress WZone plugin <= 14.0.31 - Broken Access Control vulnerability

Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through = 14.0.31...

CVE-2026-27050 WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through = 1.1.0...

CVE-2026-25472 WordPress Fusion Builder plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through = 3.14.1...

CVE-2026-25411 WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery.This issue affects Revision Manager TMC: from n/a through = 2.8.22...

CVE-2026-25385

Summary (CVE-2026-25385): A Server-Side Request Forgery (SSRF) vulnerability exists in the WordPress plugin URL Shortify (KaizenCoders) for versions from the initial release up to and including 1.12.3. Public sources in the Connected documents corroborate the SSRF issue and indicate the vulnerabi...

CVE-2026-25362

CVE-2026-25362 describes a stored XSS in the FooGallery plugin for WordPress (FooGallery

CVE-2026-25326 WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...

CVE-2026-25326 WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...

CVE-2026-25322 WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through = 3.7.22...

CVE-2026-25314

CVE-2026-25314 impacts the WordPress plugin “TOP Table Of Contents” (TOP Table Of Contents: WordPress plugin). The Red Hat and CVE feeds, NVD and CVE List entries indicate a missing authorization vulnerability described as broken access control in TOP Table Of Contents versions up to and includin...

CVE-2026-25307 WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.7...

CVE-2026-25307 WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.7...

CVE-2026-25008

The CVE-2026-25008 entry concerns WordPress Ninja Tables (ninja-tables) versions up to and including 5.2.5. The issue is described as an Insertion of Sensitive Information Into Sent Data vulnerability that enables retrieval of embedded sensitive data from Ninja Tables. All connected sources consi...