4.3
CVE-2026-22359 - WordPress Wordpress Movies Bulk Importer plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerabβ¦
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a through <= 1.0.
8.7
CVE-2023-7335 - EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, inclβ¦
7.5
CVE-2026-24390 - WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.
6.5
CVE-2026-24389 - WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.
4.3
CVE-2026-24388 - WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0.
4.3
CVE-2026-24387 - WordPress WP Quick Post Duplicator plugin <= 2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.1.
4.3
CVE-2026-24386 - WordPress Element Invader β Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulβ¦
Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4.
5.4
CVE-2026-24384 - WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.
6.5
CVE-2026-24383 - WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.
5.4
CVE-2026-24381 - WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.