4.4
CVE-2025-26990 - WordPress Royal Elementor Addons plugin <= 1.7.1006 - Server Side Request Forgery (SSRF) vulnerabilβ¦
Server-Side Request Forgery (SSRF) vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Server Side Request Forgery.This issue affects Royal Elementor Addons: from n/a through <= 1.7.1006.
6.5
CVE-2025-26982 - WordPress DSGVO Youtube plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric-Oliver MΓ€chler DSGVO Youtube dsgvo-youtube allows DOM-Based XSS.This issue affects DSGVO Youtube: from n/a through <= 1.5.1.
8.8
CVE-2025-26959 - WordPress Administrator Z <= 2025.03.24 - Privilege Escalation Vulnerability
Missing Authorization vulnerability in QuΓ½ LΓͺ 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24.
0.0
CVE-2025-26958 - WordPress JetBlog plugin <= 2.4.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through <= 2.4.3.
4.3
CVE-2025-26955 - WordPress Industrial Lite theme <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in vowelweb Industrial Lite industrial-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Industrial Lite: from n/a through <= 1.0.8.
7.1
CVE-2025-26954 - WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect 1-jquery-photo-gallery-slideshow-flash allows Reflected XSS.This issue affects ZooEffect: from n/a through <= 1.11.
7.5
CVE-2025-26944 - WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11.
0.0
CVE-2025-26942 - WordPress JetTricks plugin <= 1.5.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through <= 1.5.1.
7.5
CVE-2025-26894 - WordPress Coming Soon, Maintenance Mode plugin <= 1.1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mobeen Abdullah Coming Soon, Maintenance Mode site-mode allows PHP Local File Inclusion.This issue affects Coming Soon, Maintenance Mode: from n/a through <= 1.1.1.
7.5
CVE-2025-26889 - WordPress hockeydata LOS plugin <= 1.2.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hockeydata hockeydata LOS hockeydata-los allows PHP Local File Inclusion.This issue affects hockeydata LOS: from n/a through <= 1.2.4.