5.3
CVE-2026-40763 - WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1056.
7.6
CVE-2026-40745 - WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through <= 8.4.2.
8.5
CVE-2026-40744 - WordPress Beaver Builder plugin <= 2.10.1.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through <= 2.10.1.2.
5.3
CVE-2026-40742 - WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: from n/a through <= 8.2.8.
5.4
CVE-2026-40740 - WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7.
5.3
CVE-2026-40737 - WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through <= 1.1.4.
6.5
CVE-2026-40734 - WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS.This issue affects Categories Images: from n/a through <= 3.3.1.
0.0
CVE-2026-40730 - WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through <= 2.0.0.6.
4.3
CVE-2026-40729 - WordPress 3D viewer โ Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins 3D viewer โ Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer โ Embed 3D Models: from n/a through <= 1.8.5.
4.3
CVE-2026-40728 - WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through <= 1.8.3.