| ID | Title | Description | Published/Updated | Severity | Link |
|---|---|---|---|---|---|
| CVE-2026-0593 | CVE-2026-0593 - WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification | CVE ID : CVE-2026-0593 Published : Jan. 24, 2026, 5:15 p.m. | 6 hours, 50 minutes ago Description : The WP Go Maps (formerly WP Google Maps) plugin... | Sat, 24 Jan 2026 17:15:58 +0000 | Unknown | Details |
| CVE-2026-0862 | CVE-2026-0862 - Save as PDF Plugin by PDFCrowd <= 4.5.5 - Reflected Cross-Site Scripting via options | CVE ID : CVE-2026-0862 Published : Jan. 24, 2026, 4:15 p.m. | 7 hours, 50 minutes ago Description : The Save as PDF Plugin by PDFCrowd plugin for W... | Sat, 24 Jan 2026 16:15:52 +0000 | Unknown | Details |
| CVE-2026-0911 | CVE-2026-0911 - Hustle <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upoload via Module Import | CVE ID : CVE-2026-0911 Published : Jan. 24, 2026, 1:15 p.m. | 10 hours, 50 minutes ago Description : The Hustle – Email Marketing, Lead Generation,... | Sat, 24 Jan 2026 13:15:55 +0000 | Unknown | Details |
| CVE-2025-13920 | CVE-2025-13920 - WP Directory Kit <= 1.4.9 - Unauthenticated Email Exposure via wdk_public_action | CVE ID : CVE-2025-13920 Published : Jan. 24, 2026, 1:15 p.m. | 10 hours, 50 minutes ago Description : The WP Directory Kit plugin for WordPress is ... | Sat, 24 Jan 2026 13:15:54 +0000 | Unknown | Details |
| CVE-2026-1302 | CVE-2026-1302 - Meta-box GalleryMeta <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption | CVE ID : CVE-2026-1302 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The Meta-box GalleryMeta plugin for WordPress ... | Sat, 24 Jan 2026 09:15:54 +0000 | Unknown | Details |
| CVE-2026-1300 | CVE-2026-1300 - Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters | CVE ID : CVE-2026-1300 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The Responsive Header plugin for WordPress is ... | Sat, 24 Jan 2026 09:15:54 +0000 | Unknown | Details |
| CVE-2026-1266 | CVE-2026-1266 - Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | CVE ID : CVE-2026-1266 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The Postalicious plugin for WordPress is vulne... | Sat, 24 Jan 2026 09:15:54 +0000 | Unknown | Details |
| CVE-2026-1208 | CVE-2026-1208 - Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update | CVE ID : CVE-2026-1208 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The Friendly Functions for Welcart plugin for ... | Sat, 24 Jan 2026 09:15:54 +0000 | Unknown | Details |
| CVE-2026-1191 | CVE-2026-1191 - JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | CVE ID : CVE-2026-1191 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The JavaScript Notifier plugin for WordPress i... | Sat, 24 Jan 2026 09:15:53 +0000 | Unknown | Details |
| CVE-2026-1189 | CVE-2026-1189 - LeadBI Plugin for WordPress <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_id' Shortcode Attribute | CVE ID : CVE-2026-1189 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The LeadBI Plugin for WordPress plugin for Wor... | Sat, 24 Jan 2026 09:15:53 +0000 | Unknown | Details |
| CVE-2026-1127 | CVE-2026-1127 - Timeline Event History <= 3.2 - Reflected Cross-Site Scripting | CVE ID : CVE-2026-1127 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The Timeline Event History plugin for WordPres... | Sat, 24 Jan 2026 09:15:53 +0000 | Unknown | Details |
| CVE-2026-1098 | CVE-2026-1098 - CM CSS Columns <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute | CVE ID : CVE-2026-1098 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The CM CSS Columns plugin for WordPress is vul... | Sat, 24 Jan 2026 09:15:53 +0000 | Unknown | Details |
| CVE-2026-0800 | CVE-2026-0800 - User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field | CVE ID : CVE-2026-0800 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The User Submitted Posts – Enable Users to Sub... | Sat, 24 Jan 2026 09:15:53 +0000 | Unknown | Details |
| CVE-2026-0687 | CVE-2026-0687 - Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management | CVE ID : CVE-2026-0687 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The Meta-box GalleryMeta plugin for WordPress ... | Sat, 24 Jan 2026 09:15:53 +0000 | Unknown | Details |
| CVE-2026-0633 | CVE-2026-0633 - MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value | CVE ID : CVE-2026-0633 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The MetForm – Contact Form, Survey, Quiz, & Cu... | Sat, 24 Jan 2026 09:15:52 +0000 | Unknown | Details |
| CVE-2025-15516 | CVE-2025-15516 - All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update | CVE ID : CVE-2025-15516 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The All-in-One Video Gallery plugin for WordP... | Sat, 24 Jan 2026 09:15:52 +0000 | Unknown | Details |
| CVE-2025-14907 | CVE-2025-14907 - Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update | CVE ID : CVE-2025-14907 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The Moderate Selected Posts plugin for WordPr... | Sat, 24 Jan 2026 09:15:52 +0000 | Unknown | Details |
| CVE-2025-14630 | CVE-2025-14630 - AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update | CVE ID : CVE-2025-14630 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The AdminQuickbar plugin for WordPress is vul... | Sat, 24 Jan 2026 09:15:52 +0000 | Unknown | Details |
| CVE-2025-13205 | CVE-2025-13205 - SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.20 - Cross-Site Request Forgery to Survey Cloning | CVE ID : CVE-2025-13205 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The SurveyJS: Drag & Drop WordPress Form Buil... | Sat, 24 Jan 2026 09:15:51 +0000 | Unknown | Details |
| CVE-2025-13194 | CVE-2025-13194 - SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.20 - Cross-Site Request Forgery to Survey Renaming | CVE ID : CVE-2025-13194 Published : Jan. 24, 2026, 9:15 a.m. | 14 hours, 50 minutes ago Description : The SurveyJS: Drag & Drop WordPress Form Buil... | Sat, 24 Jan 2026 09:15:51 +0000 | Unknown | Details |
Cached data expires in 24 hours. Health Check