6.5
CVE-2026-24576 - WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.
8.5
CVE-2026-24572 - WordPress Nelio Content plugin <= 4.2.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.2.0.
4.3
CVE-2026-24571 - WordPress BOX NOW Delivery plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.
5.4
CVE-2026-24570 - WordPress Edwiser Bridge plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2.
4.3
CVE-2026-24569 - WordPress Media Library File Size plugin <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.
5.3
CVE-2026-24568 - WordPress WP Travel plugin <= 11.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.1.0.
4.3
CVE-2026-24567 - WordPress Anything Order by Terms plugin <= 1.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through <= 1.4.0.
6.5
CVE-2026-24566 - WordPress iNET Webkit plugin <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.
6.5
CVE-2026-24565 - WordPress B Accordion plugin <= 2.0.2 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.2.
4.3
CVE-2026-24564 - WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <= 3.6.5.