#	Title	CVE	Severity	Published At
1	Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter	CVE-2025-13531	Medium (6.4)	Jan 6, 2026
2	Related Posts Thumbnails Plugin for WordPress <= 4.3.1 - Cross-Site Request Forgery	CVE-2026-24596	Medium (4.3)	Jan 15, 2026
3	B Accordion <= 2.0.0 - Authenticated (Contributor+) Information Exposure	CVE-2026-24565	Medium (4.3)	Jan 21, 2026
4	The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update	CVE-2026-1087	Medium (4.3)	Jan 16, 2026
5	True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection	CVE-2026-1085	Medium (4.3)	Mar 6, 2026
6	Font Pairing Preview For Landing Pages <= 1.3 - Cross-Site Request Forgery to Settings Update	CVE-2026-1086	Medium (4.3)	Mar 6, 2026
7	Show YouTube video <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute	CVE-2026-1825	Medium (6.4)	Mar 6, 2026
8	Carta Online <= 2.13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings	CVE-2026-1071	Medium (4.4)	Mar 6, 2026
9	Infomaniak Connect for OpenID <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes	CVE-2026-1824	Medium (6.4)	Mar 6, 2026
10	RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 5.0.11 - Unauthenticated DOM-Based Reflected Cross-Site Scripting via postMessage	CVE-2026-2433	Medium (6.1)	Mar 6, 2026