May 4, 2026CVE-2026-4808 affects the Gerador De Certificados Devapps plugin for WordPress (up to 1.3.6) with a CVSS score of 7.2. Authenticated…- May 4, 2026The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to,…
- May 4, 2026The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to,…
- May 4, 2026The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including…
- May 4, 2026The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to…
- May 4, 2026The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to…
- May 4, 2026The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all…
- May 4, 2026The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This…
- May 4, 2026The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up…
- May 4, 2026The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter…
- May 4, 2026The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0.…
- May 4, 2026The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This…
- May 4, 2026The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up…
- May 4, 2026The Royal Elementor Addons plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.7.1057.…
- May 4, 2026The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all…
- May 4, 2026The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0.…
- May 4, 2026The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all…
- May 4, 2026The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up…
- May 4, 2026The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure…
- May 4, 2026The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote…
