Rewterz

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-26886 CVSS:7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors allows SQL Injection. This issue affects PublishPress Authors: from n/a through 4.7.3.

CVE-2025-26875 CVSS:9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.3.

CVE-2025-26556 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zzmaster WP AntiDDOS allows Reflected XSS. This issue affects WP AntiDDOS: from n/a through 2.0.

CVE-2025-26555 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Debug-Bar-Extender allows Reflected XSS. This issue affects Debug-Bar-Extender: from n/a through 0.5.

CVE-2025-26554 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Discord Post allows Reflected XSS. This issue affects WP Discord Post: from n/a through 2.1.0.

Impact

  • Data Manipulation
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2025-26886
  • CVE-2025-26875
  • CVE-2025-26556
  • CVE-2025-26555
  • CVE-2025-26554

Affected Vendors

  • WordPress

Affected Products

  • PublishPress PublishPress Authors - n/a
  • silverplugins217 Multiple Shipping And Billing Address For Woocommerce - n/a
  • zzmaster WP AntiDDOS - n/a
  • NotFound Debug-Bar-Extender - n/a
  • NotFound WP Discord Post - n/a

Remediation

Update each affected WordPress plugin to the latest available version.
