4.3
CVE-2025-26983 - WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnβ¦
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.3.
7.1
CVE-2025-26981 - WordPress Web Accessibility By accessiBe plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Reflected XSS.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.5.
6.5
CVE-2025-26980 - WordPress Wired Impact Volunteer Management plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulneβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Stored XSS.This issue affects Wired Impact Volunteer Management: from n/a through <= 2.5.
7.5
CVE-2025-26979 - WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.9.0.
3.8
CVE-2025-26977 - WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through <= 6.4.2.1.
5.3
CVE-2025-26975 - WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Strong Testimonials: from n/a through <= 3.2.3.
9.3
CVE-2025-26974 - WordPress WP Multi Store Locator plugin <= 2.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.1.
7.6
CVE-2025-26971 - WordPress Poll Maker <= 5.6.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Poll Maker poll-maker allows Blind SQL Injection.This issue affects Poll Maker: from n/a through <= 5.6.5.
0.0
CVE-2025-26966 - WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5.
0.0
CVE-2025-26965 - WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.16.