5.4
CVE-2026-24561 - WordPress FluentBoards plugin <= 1.91.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.
5.4
CVE-2026-24560 - WordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through <= 3.3.2.
5.3
CVE-2026-24559 - WordPress Integration for Contact Form 7 HubSpot plugin <= 1.4.3 - Sensitive Data Exposure vulnerabβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.
6.5
CVE-2026-24558 - WordPress ABG Rich Pins plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1.
5.3
CVE-2026-24557 - WordPress Contact Form 7 GetResponse Extension plugin <= 1.0.8 - Sensitive Data Exposure vulnerabilβ¦
Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.
5.3
CVE-2026-24556 - WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2.
6.5
CVE-2026-24555 - WordPress ArtPlacer Widget plugin <= 2.23.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.2.
4.3
CVE-2026-24553 - WordPress Fraud Prevention For Woocommerce plugin <= 2.3.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from β¦
5.4
CVE-2026-24551 - WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.
6.5
CVE-2026-24550 - WordPress Blockons plugin <= 1.2.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.19.