6.5
CVE-2025-26930 - WordPress Home Services plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services home-services allows DOM-Based XSS.This issue affects Home Services: from n/a through <= 1.2.6.
10
CVE-2025-26927 - WordPress AI Hub plugin <= 1.3.7 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through <= 1.3.7.
6.5
CVE-2025-26919 - WordPress Tainรก plugin <= 0.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainรก taina allows Stored XSS.This issue affects Tainรก: from n/a through < 0.2.5.
7.6
CVE-2025-26908 - WordPress Kargo Entegratรถr plugin <= 1.1.14 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratรถr kargo-entegrator allows SQL Injection.This issue affects Kargo Entegratรถr: from n/a through <= 1.1.14.
6.5
CVE-2025-26906 - WordPress WP Delete User Accounts plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts wp-delete-user-accounts allows DOM-Based XSS.This issue affects WP Delete User Accounts: from n/a through <= 1.2.3.
4.3
CVE-2025-26903 - WordPress InPost Gallery plugin <= 2.1.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery inpost-gallery allows Cross Site Request Forgery.This issue affects InPost Gallery: from n/a through <= 2.1.4.3.
6.5
CVE-2025-26880 - WordPress SKT Skill Bar plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows Stored XSS.This issue affects SKT Skill Bar: from n/a through <= 2.3.
6.5
CVE-2025-26870 - WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows DOM-Based XSS.This issue affects JetEngine: from n/a through <= 3.6.4.1.
6.5
CVE-2025-26749 - WordPress Additional Custom Product Tabs for WooCommerce plugin <= 1.7.0 - Cross Site Scripting (XSโฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through <= 1.7.0.
8.1
CVE-2025-26748 - WordPress Arkhe theme <= 3.12.0 - CSRF to Local File Inclusion vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0.