6.5
CVE-2026-24952 - WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.
4.3
CVE-2026-24951 - WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3.
4.3
CVE-2026-24947 - WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through < 1.5.6.3.
5.3
CVE-2026-24945 - WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.34 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34.
4.3
CVE-2026-24942 - WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through <= 5.1.1.
4.3
CVE-2026-24940 - WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through <= 1.3.3.
4.3
CVE-2026-24939 - WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through <= 2.13.6.
5.9
CVE-2026-24938 - WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through <= 4.2.1.
7.6
CVE-2025-7760 - Reflected XSS in Ofisimo's Association Web Package Flora
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HTTP Headers.This issue affects Association Web Package Flora: from v3.0 through 03022026.Β NOTE: The β¦
8.6
CVE-2025-6397 - XSS in Ankara Hosting's web site
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Website Software: through 03022026.Β NOTE: The vendor was contacted early about this disclosure but diβ¦