- March 28, 2026The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
- March 28, 2026The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6.…
- March 25, 2026The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all…
- March 25, 2026The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in…
- March 25, 2026The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up…
- March 25, 2026The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
- March 25, 2026The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via…
- March 24, 2026The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to,…
- March 24, 2026The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions…
- March 24, 2026The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up…
