- April 1, 2026: The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Local File Inclusion in versions up…
- April 1, 2026: The FAQ Builder AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.2…
- March 30, 2026: The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to SQL Injection…
- March 30, 2026: The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions…
- March 30, 2026: The WPJAM Basic plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all…
- March 30, 2026: The Green Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all…
- March 29, 2026: The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
- March 29, 2026: The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to,…
- March 29, 2026: The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions…
- March 29, 2026: The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- March 29, 2026: The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vagaro_code’ parameter in all versions…
- March 29, 2026: The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This…
- March 29, 2026: The Photo Engine (Media Organizer & Lightroom) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file…
- March 28, 2026: The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
- March 28, 2026: The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.6.…
- March 25, 2026: The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all…
- March 25, 2026: The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in…
- March 25, 2026: The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up…
- March 25, 2026: The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
- March 25, 2026: The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.5.3 via…
