8.8
CVE-2026-24356 - WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.
5.4
CVE-2026-24355 - WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6.
6.5
CVE-2026-24354 - WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.
8.1
CVE-2026-24353 - WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9.
9.8
CVE-2026-23978 - WordPress Gyan Elements plugin <= 2.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1.
7.1
CVE-2026-23976 - WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.
9.8
CVE-2026-23975 - WordPress Golo theme < 1.7.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.
8.8
CVE-2026-23974 - WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
5.4
CVE-2026-22483 - WordPress teachPress plugin <= 9.0.12 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.
9.1
CVE-2026-22482 - WordPress IMGspider plugin <= 2.3.12 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12.