- April 1, 2026The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12.…
- April 1, 2026The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Scripting vulnerabilities in all…
- April 1, 2026The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable…
- April 1, 2026The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort`…
- April 1, 2026The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode…
- April 1, 2026The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due…
- April 1, 2026The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute…
- April 1, 2026The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter in all versions up…
- April 1, 2026The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- April 1, 2026The Premmerce Redirect Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…
- March 30, 2026The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to unauthorized access…
- March 30, 2026The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias (`val` parameter)…
- March 30, 2026The Avada (Fusion) Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 3.15.0 due to…
- March 30, 2026The Event Booking Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and…
- March 30, 2026The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
- March 30, 2026The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value in all versions up…
- March 30, 2026The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up…
- March 30, 2026The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress is vulnerable to unauthorized access in all versions up…
- March 30, 2026The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection in versions…
- March 30, 2026The Comments Import & Export plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on…
