6.5
CVE-2026-24361 - WordPress LearnPress β Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through <= 4.1.9.
4.6
CVE-2026-24360 - WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulneraβ¦
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.
8.8
CVE-2026-24358 - WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.
8.1
CVE-2026-24357 - WordPress WP Recipe Maker plugin <= 10.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4.
8.8
CVE-2026-24356 - WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.
5.4
CVE-2026-24355 - WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6.
6.5
CVE-2026-24354 - WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.
8.1
CVE-2026-24353 - WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
9.8
CVE-2026-23978 - WordPress Gyan Elements plugin <= 2.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1.
7.1
CVE-2026-23976 - WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.