0.0
CVE-2026-25465 - WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35.
0.0
CVE-2026-25464 - WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.3.
0.0
CVE-2026-25462 - WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3.
0.0
CVE-2026-25461 - WordPress Listeo Core plugin <= 2.0.21 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through <= 2.0.21.
0.0
CVE-2026-25460 - WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.
0.0
CVE-2026-25458 - WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through <= 2.2.
0.0
CVE-2026-25457 - WordPress Mixtape theme <= 2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through <= 2.1.
0.0
CVE-2026-25456 - WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.8 - Broken Access Coโฆ
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1.8.
0.0
CVE-2026-25455 - WordPress Product Slider for WooCommerce plugin <= 1.13.60 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.60.
0.0
CVE-2026-25454 - WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1.