5.3
CVE-2026-32404 - WordPress Studio99 WP Monitor plugin <= 1.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.
6.5
CVE-2026-32403 - WordPress Toocheke Companion plugin <= 1.194 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194.
5.3
CVE-2026-32402 - WordPress Image Slider by Ays plugin <= 2.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.
0.0
CVE-2026-32401 - WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.
7.5
CVE-2026-32400 - WordPress Boldman theme <= 7.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.
8.5
CVE-2026-32399 - WordPress Media LIbrary Assistant plugin <= 3.32 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.32.
0.0
CVE-2026-32398 - WordPress TeraWallet β For WooCommerce plugin <= 1.5.15 - Race Condition vulnerability
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet β For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet β For WooCommerce: from n/a through <= 1.5.15.
5.3
CVE-2026-32397 - WordPress Filter & Grids plugin <= 3.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.
5.3
CVE-2026-32396 - WordPress Team plugin <= 5.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.
5.3
CVE-2026-32395 - WordPress Xpro Addons For Beaver Builder β Lite plugin <= 1.5.6 - Broken Access Control vulnerabiliβ¦
Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.6.