4.3
CVE-2026-25420 - WordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.
4.3
CVE-2026-25419 - WordPress UpsellWP plugin <= 2.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5.
7.6
CVE-2026-25418 - WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
4.3
CVE-2026-25416 - WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
5.3
CVE-2026-25415 - WordPress WPBookit Pro plugin <= 1.6.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18.
5.3
CVE-2026-25412 - WordPress Advanced iFrame plugin <= 2025.10 - Broken Access Control vulnerability
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
4.3
CVE-2026-25411 - WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery.This issue affects Revision Manager TMC: from n/a through <= 2.8.22.
4.3
CVE-2026-25410 - WordPress WP-CORS plugin <= 0.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.
4.3
CVE-2026-25409 - WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through <= 1.1.1.
5.3
CVE-2026-25408 - WordPress Broken Link Notifier plugin <= 1.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.