6.5
CVE-2026-25472 - WordPress Fusion Builder plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through <= 3.14.1.
6.5
CVE-2026-25463 - WordPress Wpresidence Core plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: from n/a through <= 5.4.0.
4.3
CVE-2026-25459 - WordPress Sober theme <= 3.5.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.
6.5
CVE-2026-25453 - WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.
6.5
CVE-2026-25451 - WordPress Bold Page Builder plugin <= 5.6.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.9.
5.3
CVE-2026-25441 - WordPress LeadConnector plugin <= 3.0.21 - Broken Access Control vulnerability
Missing Authorization vulnerability in varunvairavanlc LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
6.5
CVE-2026-25432 - WordPress Omnipress plugin <= 1.6.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7.
4.4
CVE-2026-25428 - WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
3.8
CVE-2026-25423 - WordPress Real 3D FlipBook plugin <= 4.19.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1.
5.4
CVE-2026-25422 - WordPress Popularis Extra plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through <= 1.2.10.