- March 18, 2026The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up…
- March 18, 2026The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions…
- March 18, 2026The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
- March 18, 2026The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17…
- March 18, 2026The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,…
- March 18, 2026The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and…
- March 18, 2026The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all…
- March 18, 2026The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including,…
- March 18, 2026The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all…
- March 18, 2026The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to SQL…
