PT-2026-47064

Name of the Vulnerable Software and Affected Versions Alba Board versions prior to 2.1.4 Description The plugin fails to properly verify if a user is authorized to perform specific actions, leading to an authorization bypass. This allows authenticated attackers with subscriber-level access or...

PT-2026-47074

Name of the Vulnerable Software and Affected Versions WP User Manager – User Profile Builder & Membership versions prior to 2.9.18 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. This occurs through the...

WordPress plugin Alba Board 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin WP Captcha PRO 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Admin Columns 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin WP Captcha PRO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Debug Log Manager – Conveniently Monitor and Inspect Errors plugin <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs vulnerability

Unauthenticated Improper Output Neutralization for Logs vulnerability discovered by Endang Alfarisi in WordPress Plugin Debug Log Manager versions = 2.5.0...

PT-2026-47073

Name of the Vulnerable Software and Affected Versions RSS Aggregator by Feedzy versions prior to 5.1.8 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with contributor-level access ...

WordPress Event Monster – Event Manager, Ticket Booking & Registration plugin <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability

Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass vulnerability discovered by NAKLEH ZEIDAN in WordPress Plugin Event Management Tickets Booking versions = 2.1.0...

WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection

Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Google Dork: N/A Date: 2026-06-02 Exploit Author: cardosource Vendor Homepage: https://contest-gallery.com/ Software Link: https://wordpress.org/plugins/contest-gallery/ Version: getrow without proper...

PT-2026-47059

Name of the Vulnerable Software and Affected Versions Site Kit by Google WordPress plugin versions prior to 1.176.0 Description A broken access control flaw exists in a REST API write endpoint that fails to properly restrict access to administrators. This allows lower-privileged users, such as...

WPDeveloper Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns 服务端请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-47032

Name of the Vulnerable Software and Affected Versions WP Captcha PRO versions prior to 5.39 Description The plugin is susceptible to arbitrary file upload, which can lead to remote code execution. The issue stems from a flawed capability check in the save ajax function within the licensing module...

CVE-2026-10586 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

CVE-2026-10586

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

Exploit for CVE-2026-8732

CVE-2026-8732 – WordPress WP Maps Pro Exploit Unauthenticat...

WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Media folder Addon versions = 4.0.1...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)

Last week, there were 278 vulnerabilities disclosed in 185 WordPress Plugins and 70 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 94 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Thrive Apprentice versions 10.8.10.2...

Exploit for Deserialization of Untrusted Data in Presstigers Simple_Job_Board

CVE-2024-1813 - Simple Job Board ≤ 2.11.0 WordPress - Unauth...