- March 18, 2026The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter…
- March 18, 2026The Crete Core plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.3 due to…
- March 18, 2026The ModelTheme Addons for WPBakery and Elementor plugin for WordPress is vulnerable to PHP Object Injection in versions up to…
- March 18, 2026The Omnipress plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.6.7. This makes…
- March 18, 2026The Kentha Elementor Widgets plugin for WordPress is vulnerable to Local File Inclusion in versions up to 3.1. This makes…
- March 18, 2026The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to…
- March 18, 2026The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to…
- March 18, 2026The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6.…
- March 18, 2026The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4…
- March 18, 2026The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player plugin for WordPress is vulnerable to Server-Side Request…
- March 18, 2026The amr cron manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3…
- March 18, 2026The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Privilege Escalation in all versions…
- March 18, 2026The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to…
- March 18, 2026The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request…
- March 18, 2026The wpDataTables (Premium) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.5.0.1. This…
- March 18, 2026The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions…
- March 18, 2026The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the…
- March 18, 2026The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to…
- March 18, 2026The Podlove Web Player plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.9.1…
- March 18, 2026The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored…
