- March 18, 2026The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including,…
- March 18, 2026The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…
- March 18, 2026The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11.…
- March 18, 2026The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in…
- March 18, 2026The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions…
- March 18, 2026The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and…
- March 18, 2026The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through…
- March 18, 2026The DukaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.4 due to…
- March 18, 2026The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2.…
- March 18, 2026The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in…
- March 18, 2026The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all…
- March 18, 2026The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up…
- March 18, 2026The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and…
- March 18, 2026The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions…
- March 18, 2026The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
- March 18, 2026The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17…
- March 18, 2026The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up…
- March 18, 2026The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,…
- March 18, 2026The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and…
- March 18, 2026The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all…
