CVE-2026-28044 WordPress WP Rocket plugin <= 3.19.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4...

WordPress GiveWP plugin <= 3.19.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by dream hard in WordPress Plugin GiveWP versions = 3.19.4...

CVE-2025-26991

CVE-2025-26991 is active and affects the WordPress plugin WPPizza prior to/including version 3.19.4, with a Reflected XSS vulnerability caused by improper input neutralization during web page generation. The CVSSv3.1 base score is 7.1 (HIGH) , indicating network access with user interaction requi...

WordPress Frontend Admin by DynamiApps plugin <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation vulnerability

Improper Missing Encryption Exception Handling to Form Manipulation vulnerability discovered by István Márton in WordPress Plugin Frontend Admin by DynamiApps versions = 3.19.4...

WordPress Frontend Admin by DynamiApps Plugin <= 3.19.4 is vulnerable to Privilege Escalation

Software Frontend Admin by DynamiApps Type Plugin Vulnerable versions = 3.19.4 Fixed in 3.19.5 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3729 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4ebfbce29f56...