- March 18, 2026The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up…
- March 18, 2026The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check…
- March 18, 2026The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in…
- March 18, 2026The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up…
- March 18, 2026The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- March 18, 2026The NEX-Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 9.1.7 due to…
- March 18, 2026The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in…
- March 18, 2026The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…
- March 18, 2026The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is…
- March 18, 2026The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events`…
