4.3
CVE-2026-24605 - WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.
5.3
CVE-2026-24604 - WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.
5.3
CVE-2026-24603 - WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerabβ¦
Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.
5.3
CVE-2026-24602 - WordPress Raptive Ads plugin <= 3.10.0 - Broken Access Control vulnerability
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This is a false positive. According to the vendor, the function identified as a vulnerability is intentional and part of the expected design.
6.5
CVE-2026-24601 - WordPress Penci Pay Writer plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5.
6.5
CVE-2026-24600 - WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5.
5.3
CVE-2026-24599 - WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
4.3
CVE-2026-24598 - WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2.
4.3
CVE-2026-24596 - WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.2.
5.4
CVE-2026-24595 - WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.9.