#	Title	CVE	Severity	Published At
1	W3 Total Cache <= 2.9.1 - Unauthenticated Arbitrary Code Execution	CVE-2026-27384	Critical (9.8)	Feb 24, 2026
2	Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2026-2593	Medium (6.4)	Mar 5, 2026
3	Broken Link Notifier <= 1.3.5 - Missing Authorization	CVE-2026-25408	Medium (5.3)	Jan 29, 2026
4	WP All Import <= 4.0.0 - Reflected Cross-Site Scripting via 'filepath'	CVE-2026-2830	Medium (6.1)	Mar 5, 2026
5	Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload	CVE-2026-3459	High (8.1)	Mar 5, 2026
6	My Tickets – Accessible Event Ticketing <= 2.1.0 - Unauthenticated Information Exposure	CVE-2026-27406	Medium (5.3)	Feb 23, 2026
7	Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.3.4 - Authenticated (Subscriber+) Sensitive Data Exposure	CVE-2026-23546	Medium (4.3)	Feb 23, 2026
8	NextScripts: Social Networks Auto-Poster <= 4.4.7 - Authenticated (Contributor+) PHP Object Injection	CVE-2026-27379	High (7.5)	Feb 24, 2026
9	Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty <= 3.5.1 - Unauthenticated Information Exposure	CVE-2026-27370	Medium (5.3)	Feb 24, 2026
10	Dentario <= 1.5 - Unauthenticated PHP Object Injection	CVE-2026-27439	High (8.1)	Feb 23, 2026