Severity: high

March 23, 2026

The Infility Global plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.14.49 due…

March 23, 2026

The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions…

March 23, 2026

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via…

March 23, 2026

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the…

March 23, 2026

The Everest Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9.10…

March 23, 2026

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions…

March 23, 2026

The Remoji – Post/Comment Reaction and Enhancement plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to,…

March 23, 2026

The BuilderPress plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.1. This makes…

March 23, 2026

The Divi Booster plugin for WordPress is vulnerable to PHP Object Injection in versions up to 5.0.2 via deserialization of…

March 23, 2026

The Mobile App Editor – WordPress to Android App Builder plugin for WordPress is vulnerable to arbitrary file uploads due…