6.3
CVE-2025-26940 - WordPress Pie Register Premium plugin <= 3.8.3.2 - Path Traversal to Non-Arbitrary File Deletion vuβ¦
Path Traversal: '.../...//' vulnerability in NotFound Pie Register Premium pie-register-premium.This issue affects Pie Register Premium: from n/a through <= 3.8.3.2.
6.5
CVE-2025-26924 - WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in colabrio Ohio Extra ohio-extra allows Code Injection.This issue affects Ohio Extra: from n/a through <= 3.4.7.
8.8
CVE-2025-26921 - WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.2.6.
6.5
CVE-2025-26899 - WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Recapture Cart Recovery and Email Marketing Recapture for WooCommerce recapture-for-woocommerce allows Cross Site Request Forgery.This issue affects Recapture for WooCommerce: from n/a through <= 1.0.43.
6.5
CVE-2025-26895 - WordPress m1.DownloadList plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maennchen1.de m1.DownloadList m1downloadlist allows DOM-Based XSS.This issue affects m1.DownloadList: from n/a through <= 0.19.
7.6
CVE-2025-26886 - WordPress PublishPress Authors plugin <= 4.7.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors publishpress-authors allows SQL Injection.This issue affects PublishPress Authors: from n/a through <= 4.7.3.
9.3
CVE-2025-26875 - WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.3 - SQL Injection vulneβ¦
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows SQL Injection.This issue affects Multiple Shipping And Billing Aβ¦
7.1
CVE-2025-26556 - WordPress WP AntiDDOS Plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zzmaster WP AntiDDOS wpantiddos allows Reflected XSS.This issue affects WP AntiDDOS: from n/a through <= 2.0.
7.1
CVE-2025-26555 - WordPress Debug-Bar-Extender Plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Ott Debug-Bar-Extender debug-bar-extender allows Reflected XSS.This issue affects Debug-Bar-Extender: from n/a through <= 0.5.
7.1
CVE-2025-26554 - WordPress WP Discord Post Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicola Mustone WP Discord Post wp-discord-post allows Reflected XSS.This issue affects WP Discord Post: from n/a through <= 2.1.0.