- March 23, 2026The Mobile App Editor – WordPress to Android App Builder plugin for WordPress is vulnerable to arbitrary file uploads due…
- March 23, 2026The BuilderPress plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.1. This makes…
- March 23, 2026The Divi Booster plugin for WordPress is vulnerable to PHP Object Injection in versions up to 5.0.2 via deserialization of…
- March 23, 2026The Varnish/Nginx Proxy Caching plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,…
- March 23, 2026The Infility Global plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.14.49 due to…
- March 23, 2026The Terms descriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.9.…
- March 23, 2026The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up…
- March 23, 2026The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to,…
- March 23, 2026The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the…
- March 23, 2026The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up…
- March 23, 2026The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable…
- March 23, 2026The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and…
- March 18, 2026The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This…
- March 18, 2026The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site…
- March 18, 2026The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' and 'name_directory_description' parameters in all…
- March 18, 2026The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in…
- March 18, 2026The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_list_class' and 'popup_display_effect_in' parameters in all…
- March 18, 2026The Tutor LMS Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.8.3 due…
- March 18, 2026The JNews - Pay Writer plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including,…
- March 18, 2026The Laurent Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.4.1. This…
