- March 18, 2026The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability…
- March 18, 2026The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in…
- March 18, 2026The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all…
- March 18, 2026The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including,…
- March 18, 2026The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up…
- March 18, 2026The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,…
- March 18, 2026The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions…
- March 18, 2026The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9.…
- March 18, 2026The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based…
- March 18, 2026The Handmade Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.9 due…
