7.5
CVE-2026-32537 - WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerβ¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through <β¦
9.9
CVE-2026-32536 - WordPress Green Downloads plugin <= 2.08 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08.
6.5
CVE-2026-32535 - WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 3.0.3.
8.5
CVE-2026-32534 - WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3.
6.5
CVE-2026-32533 - WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6.
7.1
CVE-2026-32532 - WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1.
8.1
CVE-2026-32531 - WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5.
8.8
CVE-2026-32530 - WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.
7.1
CVE-2026-32529 - WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.
7.1
CVE-2026-32528 - WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.