- April 1, 2026The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute…
- April 1, 2026The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable…
- April 1, 2026The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter in all versions up…
- April 1, 2026The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- April 1, 2026The Premmerce Redirect Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…
- March 30, 2026The Event Booking Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and…
- March 30, 2026The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to unauthorized access…
- March 30, 2026The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias (`val` parameter)…
- March 30, 2026The Avada (Fusion) Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 3.15.0 due to…
- March 30, 2026The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
