- March 18, 2026The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8.…
- March 18, 2026The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab_color_picker_language_switch' parameter in all versions…
- March 18, 2026The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
- March 18, 2026The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on…
- March 18, 2026The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sb_ravelry_designs'…
- March 18, 2026The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions…
- March 18, 2026The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show_sphere_image' shortcode…
- March 18, 2026The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in…
- March 18, 2026The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check…
- March 18, 2026The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up…
