5.4
CVE-2026-24551 - WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.
6.5
CVE-2026-24550 - WordPress Blockons plugin <= 1.2.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.19.
4.3
CVE-2026-24549 - WordPress GeoDirectory plugin <= 2.8.149 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a through <= 2.8.149.
5.4
CVE-2026-24548 - WordPress Radio Player plugin <= 2.0.91 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.91.
4.3
CVE-2026-24544 - WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.
4.3
CVE-2026-24543 - WordPress Materialis Companion plugin <= 1.3.52 - Broken Access Control vulnerability
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.
4.3
CVE-2026-24542 - WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0.
5.3
CVE-2026-24541 - WordPress Download After Email plugin <= 2.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.
5.4
CVE-2026-24540 - WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.6.
5.3
CVE-2026-24539 - WordPress ProtecciΓ³n de datos β RGPD plugin <= 0.68 - Broken Access Control vulnerability
Missing Authorization vulnerability in ABCdatos ProtecciΓ³n de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProtecciΓ³n de datos – RGPD: from n/a through <= 0.68.