4.3
CVE-2026-24598 - WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2.
4.3
CVE-2026-24596 - WordPress Related Posts Thumbnails plugin for WordPress plugin <= 4.3.2 - Cross Site Request Forgerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.2.
5.4
CVE-2026-24595 - WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.9.
5.9
CVE-2026-24594 - WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vuβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through <= 3.9.4.
5.3
CVE-2026-24593 - WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
6.5
CVE-2026-24591 - WordPress Turn Yoast SEO FAQ Block to Accordion plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6.
5.3
CVE-2026-24589 - WordPress Cargus plugin <= 1.5.8 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.
4.3
CVE-2026-24588 - WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4.
5.4
CVE-2026-24587 - WordPress AJAX Hits Counter + Popular Posts Widget plugin <= 0.10.210305 - Broken Access Control vuβ¦
Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305.
6.5
CVE-2026-24585 - WordPress Hyyan WooCommerce Polylang Integration plugin <= 1.5.0 - Broken Access Control vulnerabilβ¦
Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0.