- March 18, 2026The EduBlink Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7. This…
- March 18, 2026The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…
- March 18, 2026The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.7.7 due to…
- March 18, 2026The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and…
- March 18, 2026The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.6.33.…
- March 18, 2026The Automotive Listings plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 18.6 due to…
- March 18, 2026The Newsletters plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.11 via deserialization…
- March 18, 2026The WP Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.4. This…
- March 18, 2026The Eventin plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.1.3 via deserialization…
- March 18, 2026The Hospital Doctor Directory plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.3.9.…
- March 18, 2026The Final User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.5. This…
- March 18, 2026The Homey Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.3 due…
- March 18, 2026The Institutions Directory plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.3.4. This…
- March 18, 2026The MyHome Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0. This…
- March 18, 2026The eCommerce plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.15.1 via deserialization…
- March 18, 2026The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Remote Code Execution…
- March 18, 2026The Paid Downloads plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.15 due to…
- March 18, 2026The Lawyer Directory plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.3.3.This makes…
- March 18, 2026The JobWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.5 due to…
- March 18, 2026The WorkScout-Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.06 due to…
