- March 25, 2026The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all…
- March 25, 2026The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `social_share` shortcode in all…
- March 25, 2026The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta_query[compare]' parameter in the 'tcg_select2_search_post' AJAX action…
- March 25, 2026The Reward Video Ad for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all…
- March 25, 2026The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_awesome` shortcode in all…
- March 24, 2026The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template'…
- March 24, 2026The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `itemscope` shortcode in all versions…
- March 24, 2026The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
- March 24, 2026The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all…
- March 24, 2026The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.…
