- April 19, 2026The WP-BusinessDirectory – Business directory plugin for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing…
- April 18, 2026The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is…
- April 18, 2026The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference…
- April 18, 2026The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including…
- April 18, 2026The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and…
- April 17, 2026The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This…
- April 17, 2026The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This…
- April 17, 2026The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for…
- April 17, 2026The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint…
- April 17, 2026The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up…
