- April 18, 2026The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the `receive_heartbeat()`…
- April 18, 2026The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in…
- April 17, 2026The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course enrollment in…
- April 17, 2026The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up…
- April 17, 2026The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions…
- April 17, 2026The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is…
- April 17, 2026The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in…
- April 17, 2026The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and…
- April 17, 2026The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4.…
- April 17, 2026The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through…
