0.0
CVE-2026-32367 - WordPress Modal Dialog plugin <= 3.5.16 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through <= 3.5.16.
8.5
CVE-2026-32366 - WordPress Collapsing Categories plugin <= 3.0.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9.
0.0
CVE-2026-32365 - WordPress Collapsing Archives plugin <= 3.0.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through <= 3.0.7.
0.0
CVE-2026-32364 - WordPress Turbo Manager plugin < 4.0.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issue affects Turbo Manager: from n/a through < 4.0.8.
5.3
CVE-2026-32363 - WordPress WPLifeCycle plugin <= 3.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1.
5.3
CVE-2026-32362 - WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.3 - Broken Access Control vulnerβ¦
Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.
0.0
CVE-2026-32361 - WordPress Editorial Calendar plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Editorial Calendar: from n/a through <= 3.9.0.
5.9
CVE-2026-32360 - WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS) vulnerabiβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.
0.0
CVE-2026-32359 - WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: from n/a through <= 1.2.3.
7.6
CVE-2026-32358 - WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.