7.5
CVE-2026-24390 - WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.
6.5
CVE-2026-24389 - WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.
4.3
CVE-2026-24388 - WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0.
4.3
CVE-2026-24387 - WordPress WP Quick Post Duplicator plugin <= 2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.1.
4.3
CVE-2026-24386 - WordPress Element Invader โ Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulโฆ
Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader – Template Kits for Elementor: from n/a through <= 1.2.4.
5.4
CVE-2026-24384 - WordPress Merge + Minify + Refresh plugin <= 2.14 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.
6.5
CVE-2026-24383 - WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.
5.4
CVE-2026-24381 - WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.
8.8
CVE-2026-24380 - WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.
9.1
CVE-2026-24379 - WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.