5.4
CVE-2026-25322 - WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.
5.3
CVE-2026-25321 - WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
5.3
CVE-2026-25320 - WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.
4.3
CVE-2026-25319 - WordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF) vulnerabiβ¦
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a through <= 1.6.6.
4.3
CVE-2026-25318 - WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulneraβ¦
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
7.2
CVE-2026-25316 - WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.
5.3
CVE-2026-25315 - WordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.21.1.
4.3
CVE-2026-25314 - WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.
4.3
CVE-2026-25313 - WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.
5.4
CVE-2026-25311 - WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.