- March 30, 2026The Comments Import & Export plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on…
- March 30, 2026The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to unauthorized access due to a missing capability…
- March 30, 2026The New User Approve plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…
- March 29, 2026The Ecover Builder For Dummies plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the…
- March 29, 2026The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege…
- March 29, 2026The Show Posts list – Easy designs, filters and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
- March 29, 2026The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode…
- March 29, 2026The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes…
- March 29, 2026The Ad Short plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ad' shortcode's 'client' attribute in all…
- March 29, 2026The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to arbitrary file read via path…
- March 29, 2026The Pre* Party Resource Hints plugin for WordPress is vulnerable to SQL Injection via the 'hint_ids' parameter of the pprh_update_hints…
- March 29, 2026The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.…
- March 29, 2026The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all…
- March 29, 2026The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in…
- March 29, 2026The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_cl_map_iframe' parameter in all versions up…
- March 28, 2026The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmr_fb_scoreboard' shortcode in all versions…
- March 28, 2026The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute…
- March 28, 2026The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and…
- March 28, 2026The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and…
- March 28, 2026The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This…
