4.3
CVE-2026-24535 - WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerabiliβ¦
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7.
4.3
CVE-2026-24534 - WordPress Booter plugin <= 1.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7.
4.3
CVE-2026-24532 - WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in SiteLock SiteLock Security β WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security β WP Hardening, Login Security & Malware Scans: from n/a through <= β¦
7.5
CVE-2026-24531 - WordPress Prowess theme <= 2.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affects Prowess: from n/a through <= 2.3.
5.3
CVE-2026-24530 - WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.2.
5.3
CVE-2026-24529 - WordPress Quick Restaurant Reservations plugin <= 1.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.
6.5
CVE-2026-24528 - WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9.
6.5
CVE-2026-24526 - WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS)β¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from nβ¦
5.3
CVE-2026-24525 - WordPress CLP Varnish Cache plugin <= 1.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.
4.3
CVE-2026-24524 - WordPress Tablesome plugin <= 1.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.8.