- April 20, 2026The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
- April 20, 2026The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods in `class-dlm-downloads-path.php`…
- April 20, 2026The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field…
- April 20, 2026The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due…
- April 20, 2026The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability…
- April 19, 2026The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing…
- April 19, 2026The BackupBliss – Backup & Migration with Free Cloud Storage plugin for WordPress is vulnerable to Sensitive Information Exposure in…
- April 19, 2026The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to unauthorized access…
- April 19, 2026The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,…
- April 19, 2026The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
- April 19, 2026The WP Directory Kit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…
- April 19, 2026The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all…
- April 19, 2026The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The wp_ajax_ziggeo_ajax…
- April 19, 2026The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'file_color_list' shortcode attribute…
- April 18, 2026The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
- April 18, 2026The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths…
- April 18, 2026The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_code`, `aFhfc_body_code`, and…
- April 18, 2026The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper…
- April 18, 2026The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due…
- April 18, 2026The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter…
