- March 18, 2026The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized…
- March 18, 2026The Booking and Rental Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including,…
- March 18, 2026The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0.…
- March 18, 2026The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up…
- March 18, 2026The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up…
- March 18, 2026The Miraculous Elementor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.7.This makes…
- March 18, 2026The WooCommerce Coming Soon Product with Countdown plugin for WordPress is vulnerable to Local File Inclusion in versions up to,…
- March 18, 2026The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including,…
- March 18, 2026The WordPress Upload Files Anywhere plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including,…
- March 18, 2026The shop plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.6.1. This makes…
- March 18, 2026The Themesflat Elementor plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.1 via…
- March 18, 2026The Simple Retail Menus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.2.1.…
- March 18, 2026The User Extra Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 16.8…
- March 18, 2026The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing…
- March 18, 2026The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in…
- March 18, 2026The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin…
- March 18, 2026The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio…
- March 18, 2026The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in…
- March 18, 2026The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions…
- March 18, 2026The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in…
