- May 4, 2026The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote…
- May 4, 2026The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the…
- May 4, 2026WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions…
- April 28, 2026The Blocksy Companion Pro plugin for WordPress is vulnerable to SQL Injection in versions up to 2.1.29 due to insufficient…
- April 28, 2026The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to Privilege Escalation in all versions up…
- April 28, 2026The Mikado Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.6. This…
- April 28, 2026The Solene Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.3.2. This…
- April 28, 2026The Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails plugin for WordPress is vulnerable to Privilege…
- April 27, 2026The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to SQL Injection in…
- April 27, 2026The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.31 due…
- April 27, 2026The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions…
- April 27, 2026The SpeakOut! Email Petitions plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.6.5 due…
- April 26, 2026The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including…
- April 26, 2026The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.5.0 due…
- April 26, 2026The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to SQL Injection in versions up to 3.1.3…
- April 26, 2026The WooCommerce Product Filters plugin for WordPress is vulnerable to PHP Object Injection in versions up to 2.0.6 via deserialization…
- April 26, 2026The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL…
- April 26, 2026The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to SQL Injection in versions up to, and…
- April 26, 2026The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all…
- April 26, 2026The WP Photo Album Plus plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 9.1.08.001…
