CVE-2026-39589 WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...

CVE-2026-39582 WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...

CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...

CVE-2026-39558 WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Malmö = 2.2 versions...

CVE-2026-39546 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...

CVE-2026-39545 WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...

CVE-2026-39537 WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...

CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

CVE-2026-27410 WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

CVE-2026-27400 WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

CVE-2026-27041 WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

CVE-2026-25446 WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...

CVE-2026-25439 WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

CVE-2026-24611 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...

CVE-2026-24610 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...

CVE-2026-24575 WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...

CVE-2026-22343 WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...

CVE-2026-22342 WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability

Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...

CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...

CVE-2026-22339 WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...