Severity: medium

March 18, 2026

The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,…

March 18, 2026

The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions…

March 18, 2026

The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9.…

March 18, 2026

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based…

March 18, 2026

The Handmade Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.9 due…

March 18, 2026

The Booking Calendar for Appointments and Service Businesses – Booktics plugin for WordPress is vulnerable to unauthorized modification of data…

March 18, 2026

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wueen-blocket` shortcode in all versions up…

March 18, 2026

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `myqtip` shortcode in…

March 18, 2026

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions…

March 18, 2026

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on…