4.3
CVE-2026-24580 - WordPress Ecwid Shopping Cart plugin <= 7.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.
4.3
CVE-2026-24579 - WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.
4.3
CVE-2026-24578 - WordPress Admin login URL Change plugin <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through <= 1.1.5.
5.3
CVE-2026-24577 - WordPress Pie Register plugin <= 3.8.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.8.
6.5
CVE-2026-24576 - WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.
8.5
CVE-2026-24572 - WordPress Nelio Content plugin <= 4.2.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.2.0.
4.3
CVE-2026-24571 - WordPress BOX NOW Delivery plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.
5.4
CVE-2026-24570 - WordPress Edwiser Bridge plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2.
4.3
CVE-2026-24569 - WordPress Media Library File Size plugin <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.
5.3
CVE-2026-24568 - WordPress WP Travel plugin <= 11.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0.