CVE-2026-48837 WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

CVE-2026-27357

CVE-2026-27357 – WordPress WP Search Analytics plugin (

WordPress WP Search Analytics plugin < 1.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Search Analytics versions 1.5.0...

CVE-2026-27398

The CVE-2026-27398 entry describes a Missing Authorization vulnerability in the WordPress RSVP and Event Management plugin, affecting versions up to 2.7.16. The issue is classified as a Broken Access Control vulnerability with insecure access configuration allowing exploitation without user inter...

CVE-2026-27398 WordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16...

CVE-2026-27346

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10...

CVE-2026-27346 WordPress B2BKing plugin < 5.2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10...

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...

WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by theviper17 in WordPress Plugin WPSubscription versions = 1.9.1...

CVE-2025-62745

CVE-2025-62745 concerns the WordPress plugin Team Showcase (PickPlugins)

CVE-2025-62745 WordPress Team Showcase plugin <= 1.22.28 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Team Showcase allows Stored XSS. This issue affects Team Showcase: from n/a through 1.22.28...

CVE-2026-24592 WordPress Auto Affiliate Links plugin <= 6.8.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3...

CVE-2026-24592

CVE-2026-24592 affects WordPress Auto Affiliate Links plugin

CVE-2026-24582 WordPress FlexTable plugin <= 3.24.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...

CVE-2026-24545 WordPress QR Redirector plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

CVE-2026-24545

CVE-2026-24545 concerns the WordPress plugin QR Redirector, affected versions up to 2.0.3. The root cause is a broken/incorrectly configured access control, described as a missing authorization vulnerability that allows bypassing security checks. The CVSS data (v3.1) indicates a network attack ve...

CVE-2026-24574 WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...

CVE-2026-24574 WordPress Export WP Page to Static HTML/CSS plugin <= 6.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...