- April 17, 2026The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for…
- April 17, 2026The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint…
- April 17, 2026The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up…
- April 17, 2026The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter…
- April 16, 2026The JetSearch plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.5.10 due to insufficient…
- April 6, 2026The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16.…
- April 6, 2026The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys…
- April 6, 2026The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in…
- April 6, 2026The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress…
- April 6, 2026The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure…
- April 6, 2026The Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization plugin for WordPress is vulnerable to Remote…
- April 6, 2026The Product File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…
- April 6, 2026The Fraud Prevention For WooCommerce and EDD plugin for WordPress is vulnerable to unauthorized access due to a missing capability…
- April 6, 2026The NaturaLife Extensions plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1. This…
- April 6, 2026The Wishlist Member plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.29.0 via…
- April 6, 2026The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and…
- April 6, 2026The Wishlist Member plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all…
- April 6, 2026The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to PHP…
- April 6, 2026The SUMO Affiliates Pro plugin for WordPress is vulnerable to PHP Object Injection in versions up to 11.4.0 via deserialization…
- April 6, 2026The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to PHP Object Injection in versions up…
