7.1
CVE-2026-32528 - WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
0.0
CVE-2026-32527 - WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <=โฆ
Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable aโฆ
7.1
CVE-2026-32526 - WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.10.
9.9
CVE-2026-32525 - WordPress JetFormBuilder plugin <= 3.5.6.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1.
0.0
CVE-2026-32524 - WordPress Photo Engine plugin <= 6.4.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9.
0.0
CVE-2026-32523 - WordPress WPJAM Basic plugin <= 6.9.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through <= 6.9.2.
0.0
CVE-2026-32522 - WordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.
6.5
CVE-2026-32521 - WordPress WP Custom Admin Interface plugin <= 7.42 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS.This issue affects WP Custom Admin Interface: from n/a through <= 7.42.
0.0
CVE-2026-32520 - WordPress RewardsWP plugin <= 1.0.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4.
0.0
CVE-2026-32519 - WordPress Bit SMTP plugin <= 1.2.2 - Broken Authentication vulnerability
Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2.