- March 18, 2026The JupiterX Core plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.10.1 via…
- March 18, 2026The TheGem Theme Elements (for Elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and…
- March 18, 2026The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the…
- March 18, 2026The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all…
- March 18, 2026The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions…
- March 18, 2026The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of…
- March 18, 2026The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions…
- March 18, 2026The Lead Capturing Pages plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5 due…
- March 18, 2026The Virtual Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0 due…
- March 18, 2026The Felan Framework plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.3 due to…
- March 18, 2026The ListingHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.2.6 due to insufficient input…
- March 18, 2026The Handmade Framework plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.9. This…
- March 18, 2026The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the…
- March 18, 2026The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.9.0 via…
- March 18, 2026The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in…
- March 18, 2026The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The…
- March 18, 2026The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and…
- March 18, 2026The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This…
- March 18, 2026The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and…
- March 18, 2026The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all…
