EUVD-2026-3825

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through = 2.13.4...

EUVD-2026-3853

Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through = 2.0.1...

EUVD-2026-3834

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through = 3.9.6...

EUVD-2026-3851

Server-Side Request Forgery SSRF vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through = 2.3.12...

EUVD-2026-3860

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through = 1.2.5...

EUVD-2026-3858

Cross-Site Request Forgery CSRF vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through = 1.4.5...

EUVD-2026-3864

Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through = 1.3...

EUVD-2026-3837

Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through = 6.6.18...

EUVD-2026-3863

Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through = 2.6.4...

EUVD-2026-3845

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through = 1.6...

EUVD-2026-3865

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through = 2.4.7...

EUVD-2026-3861

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through = 1.7...

EUVD-2026-3839

Cross-Site Request Forgery CSRF vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through = 1.3...

EUVD-2026-3866

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a through =...

EUVD-2026-3878

Cross-Site Request Forgery CSRF vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through = 1.3...

EUVD-2026-3885

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS.This issue affects Grand Magazine: from n/a through = 3.5.7...

EUVD-2026-3887

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through 2.4.6...

EUVD-2026-3891

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through = 1.0.4.2...

EUVD-2026-3892

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 5.0.3...

EUVD-2026-3895

Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...