4.3
CVE-2026-25407 - WordPress Cookiebot plugin <= 4.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
5.3
CVE-2026-25404 - WordPress WP Job Manager plugin <= 2.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0.
4.3
CVE-2026-25402 - WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Accβ¦
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= β¦
4.3
CVE-2026-25399 - WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.
4.3
CVE-2026-25395 - WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4.
4.3
CVE-2026-25394 - WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6.
4.3
CVE-2026-25393 - WordPress Hello FSE theme <= 1.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0.6.
4.7
CVE-2026-25392 - WordPress Update URLs β Quick and Easy way to search old links and replace them with new links in Wβ¦
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search old links and repβ¦
5.4
CVE-2026-25391 - WordPress WP Wand plugin <= 1.3.07 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07.
5.3
CVE-2026-25389 - WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.