- March 18, 2026The Product Filter for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including,…
- March 18, 2026The Portfolio Builder plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.2.5. This…
- March 18, 2026The GMap Targeting plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.7 due…
- March 18, 2026The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL…
- March 18, 2026The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up…
- March 18, 2026The TopperPack – Complete Elementor Addons, Theme & CPT Builder plugin for WordPress is vulnerable to Local File Inclusion in…
- March 18, 2026The Contact Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 9.1 via…
- March 18, 2026The GSheetConnector For WPForms – WPForms Google Sheets Integration (Real-Time Sync) plugin for WordPress is vulnerable to Remote Code Execution…
- March 18, 2026The NPS computy plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.2 due…
- March 18, 2026The NEX-Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.1.7 due to…
- March 18, 2026The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via…
- March 18, 2026The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions…
- March 18, 2026The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR)…
- March 18, 2026The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
- March 18, 2026The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in…
- March 18, 2026The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in…
- March 18, 2026The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- March 18, 2026The CMSMasters Content Composer plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.4.5.…
- March 18, 2026The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and…
- March 18, 2026The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up…
