6.5
CVE-2026-39696 - WordPress Elfsight WhatsApp Chat CC plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through <= 1.2.0.
5.4
CVE-2026-39695 - WordPress Podigee plugin <= 1.4.0 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.
5.3
CVE-2026-39694 - WordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.
5.9
CVE-2026-39693 - WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.
6.5
CVE-2026-39692 - WordPress tagDiv Composer plugin <= 5.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.
5.3
CVE-2026-39691 - WordPress Cryptocurrency Donation Box β Bitcoin & Crypto Donations plugin <= 2.2.13 - Broken Accessβ¦
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box β Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box β Bitcoin & Crypto Donations: from n/a thrβ¦
5.3
CVE-2026-39690 - WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through <= 2.1.25.
0.0
CVE-2026-39689 - WordPress eShipper Commerce plugin <= 2.16.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
5.3
CVE-2026-39688 - WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile: from n/a through <= 1.3.9.
5.3
CVE-2026-39687 - WordPress Rapid Car Check Vehicle Data plugin <= 2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0.