6.5
CVE-2026-24946 - WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vuβ¦
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.
6.5
CVE-2026-24944 - WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
7.1
CVE-2026-24943 - WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through <= 5.3.4.
7.5
CVE-2026-24941 - WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
9.8
CVE-2026-22384 - WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.
7.5
CVE-2026-22383 - WordPress PawFriends - Pet Shop and Veterinary WordPress theme theme <= 1.3 - Insecure Direct Objecβ¦
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a tβ¦
8.1
CVE-2026-22381 - WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion β¦
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Thβ¦
8.1
CVE-2026-22380 - WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through <= 1.2.3.
8.1
CVE-2026-22379 - WordPress Netmix theme <= 1.0.10 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion.This issue affects Netmix: from n/a through <= 1.0.10.
8.1
CVE-2026-22378 - WordPress Blabber theme <= 1.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0.