CVE-2026-24637 WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

CVE-2026-9691

The WordPress plugin “Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms” (vendor: WordPress ecosystem; affected component: PHP object injection vulnerability) is vulnerable in versions

CVE-2026-23970 WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Redirection for Contact Form 7 = 3.2.8 versions...

CVE-2026-23970

The CVE covers WordPress plugin Redirection for Contact Form 7 (versions

CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...

CVE-2025-69332

The CVE-2025-69332 entry concerns the WordPress Bookify plugin (versions

CVE-2025-69332 WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bookify = 1.1.1 versions...

CVE-2025-68851 WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...

CVE-2025-68872 WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Elis WordCents adSense Widget with Analytics = 1.3.03.27 versions...

CVE-2025-68872

CVE-2025-68872 is a reflected XSS vulnerability in the WordPress plugin “Eli's WordCents adSense Widget with Analytics” (versions

CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

CVE-2025-68840

CVE-2025-68840 is a reflected XSS vulnerability in the WordPress plugin iRobots.txt SEO, affected versions:

CVE-2025-68049 WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability

Subscriber Broken Access Control in bunny.net = 2.3.6 versions...

CVE-2025-68049

CVE-2025-68049 affects the WordPress bunny.net plugin, version up to 2.3.6, with a Broken Access Control flaw. The CVSS 3.1 base metrics indicate Low impact to confidentiality, integrity, and availability, and a network attack vector with low privileges required and no user interaction. The provi...

CVE-2025-59133 WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability

Custom role Insecure Direct Object References IDOR in Projectopia = 5.1.25.2 versions...

CVE-2025-59133

CVE-2025-59133 describes an insecure direct object reference (IDOR) in the WordPress plugin Projectopia (WordPress Projectopia – projectopia-core) version

Malicious code in postcss-minify-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc7341d6762a6209e4bde3d99f31f1a8650b6971e64a19547b9f35e7a51abb3 Package is published as postcss-minify-selector singular but its internal postcss plugin identifier is postcss-minify-selectors plural — the canonica...

CVE-2026-49954

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

CVE-2026-50869

An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...