5.4
CVE-2026-25021 - WordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mizan Demo Importer: from n/a through <= 0.1.3.
4.3
CVE-2026-25020 - WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0.
5.3
CVE-2026-25019 - WordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.1.
4.3
CVE-2026-25016 - WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through <= 1.3.5.
4.3
CVE-2026-25015 - WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.53.
4.3
CVE-2026-25014 - WordPress Enter Addons plugin <= 2.3.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.
5.3
CVE-2026-25012 - WordPress WP Bannerize Pro plugin <= 1.11.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through <= 1.11.0.
4.3
CVE-2026-25011 - WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability
Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41.
5.3
CVE-2026-25010 - WordPress Share This Image plugin <= 2.09 - Broken Access Control vulnerability
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09.
5.3
CVE-2026-24998 - WordPress Hustle plugin <= 7.8.9.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2.