5.3
CVE-2026-24999 - WordPress Alma plugin <= 5.16.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Alma: from n/a through <= 5.16.1.
5.9
CVE-2026-24392 - WordPress HurryTimer plugin <= 2.14.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS. This issue affects HurryTimer: from n/a through <= 2.14.2.
5.3
CVE-2026-24375 - WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4.
7.6
CVE-2026-23805 - WordPress Media Search Enhanced plugin <= 0.9.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection. This issue affects Media Search Enhanced: from n/a through <= 0.9.1.
5.4
CVE-2026-23804 - WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Business Reviews: from n/a through <= 0.1.1.
7.2
CVE-2026-23803 - WordPress Smart Auto Upload Images plugin <= 1.2.2 - Server Side Request Forgery (SSRF) vulnerabili…
Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery. This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2.
9.8
CVE-2026-23549 - WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection. This issue affects WpEvently: from n/a through <= 5.1.1.
5.3
CVE-2026-23548 - WordPress DirectoryPress plugin <= 3.6.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through <= 3.6.25.
7.1
CVE-2026-23547 - WordPress CMSMasters Content Composer plugin <= 2.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
6.5
CVE-2026-23545 - WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4.