- March 18, 2026The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and…
- March 18, 2026The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up…
- March 18, 2026The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[labb_pricing_item]` shortcode's `title`…
- March 18, 2026The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Watched domains' textarea on the attachment…
- March 18, 2026The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to…
- March 18, 2026The NEX-Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 9.1.7 due to…
- March 18, 2026The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in…
- March 18, 2026The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…
- March 18, 2026The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is…
- March 18, 2026The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events`…
