- April 6, 2026The Phox Hosting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.8 due…
- April 6, 2026The Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to unauthorized access…
- April 6, 2026The Contextual Related Posts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…
- April 6, 2026The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to…
- April 6, 2026The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on…
- April 6, 2026The avalex – Automatisch sichere Rechtstexte plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
- April 6, 2026The GZSEO plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in…
- April 6, 2026The XStore Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.6.4 due…
- April 6, 2026The Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools plugin for WordPress is vulnerable to…
- April 6, 2026The Ave Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function…
- April 6, 2026The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 via…
- April 6, 2026The UpSolution Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 8.41 due…
- April 6, 2026The Spam Protect for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file…
- April 6, 2026The Miraculous Core plugin for WordPress is vulnerable to SQL Injection in versions up to 2.1.2 due to insufficient escaping…
- April 6, 2026The iTracker360 plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Stored Cross-Site Scripting in all versions up…
- April 6, 2026The WP Terms Popup – Terms and Conditions and Privacy Policy WordPress Popups plugin for WordPress is vulnerable to unauthorized…
- April 6, 2026The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions…
- April 6, 2026The WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to unauthorized…
- April 6, 2026The Motta Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 1.6.1 due to insufficient…
- April 6, 2026The MSTW League Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.10…
