- March 30, 2026The New User Approve plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…
- March 30, 2026The WP Custom Admin Interface plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including,…
- March 29, 2026The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the…
- March 29, 2026The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege…
- March 29, 2026The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
- March 29, 2026The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode…
- March 29, 2026The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes…
- March 29, 2026The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad' shortcode's 'client' attribute in all…
- March 29, 2026The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path…
- March 29, 2026The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints…
