Severity: medium

March 18, 2026

The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is…

March 18, 2026

The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events`…

March 18, 2026

The Visitor Maps Extended Referer Field plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and…

March 18, 2026

The Business Template Blocks for WPBakery (Visual Composer) Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in…

March 18, 2026

The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including,…

March 18, 2026

The WooCommerce Bulk Product Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on…

March 18, 2026

The Whizz Plugins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.9 due…

March 18, 2026

The Visual Feedback, Review & AI Collaboration Tool For WordPress – Atarim plugin for WordPress is vulnerable to unauthorized access…

March 18, 2026

The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2…

March 18, 2026

The Simple File List plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.15.…