- March 24, 2026The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to,…
- March 24, 2026The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up…
- March 24, 2026The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function…
- March 24, 2026The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions…
- March 23, 2026The Antideo Email Validator plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.10 due…
- March 23, 2026The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and…
- March 23, 2026The Post Slides plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.1.…
- March 23, 2026The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to,…
- March 23, 2026The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including,…
- March 23, 2026The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including,…
- March 23, 2026The CleverReach® WP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.5.21 due to…
- March 23, 2026The Infility Global plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.14.49 due…
- March 23, 2026The Synergy Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5…
- March 23, 2026The Omnichannel for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.65…
- March 23, 2026The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions…
- March 23, 2026The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via…
- March 23, 2026The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the…
- March 23, 2026The Everest Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.10…
- March 23, 2026The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions…
- March 23, 2026The Remoji – Post/Comment Reaction and Enhancement plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to,…
