- April 26, 2026The Post Duplicator plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.10 via…
- April 25, 2026The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including,…
- April 23, 2026The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code…
- April 23, 2026The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin…
- April 21, 2026The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site…
- April 19, 2026The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
- April 19, 2026The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL…
- April 19, 2026The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection in versions…
- April 19, 2026The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to SQL Injection in versions up…
- April 19, 2026The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including…
- April 19, 2026The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection in versions up to 2.3.8 due to insufficient…
- April 19, 2026The AWP Classifieds plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function…
- April 19, 2026The GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content plugin for WordPress is vulnerable to SQL Injection…
- April 19, 2026The WP-BusinessDirectory – Business directory plugin for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing…
- April 18, 2026The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is…
- April 18, 2026The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference…
- April 18, 2026The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including…
- April 18, 2026The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and…
- April 17, 2026The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.3. This…
- April 17, 2026The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. This…
