9.8
CVE-2026-25429 - WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through <= 1.1.1.
6.5
CVE-2026-25417 - WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through <= 5.9.8.1.
8.8
CVE-2026-25414 - WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18.
9.9
CVE-2026-25413 - WordPress WPBookit Pro plugin <= 1.6.18 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through <= 1.6.18.
8.1
CVE-2026-25406 - WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4.
7.5
CVE-2026-25401 - WordPress WPCargo Track & Trace plugin <= 8.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
8.8
CVE-2026-25400 - WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0.
6.5
CVE-2026-25398 - WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through <= 1.6.4.
7.5
CVE-2026-25397 - WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.
7.5
CVE-2026-25396 - WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6.