- March 25, 2026The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all…
- March 25, 2026The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `social_share` shortcode in all…
- March 25, 2026The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta_query[compare]' parameter in the 'tcg_select2_search_post' AJAX action…
- March 25, 2026The Reward Video Ad for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all…
- March 25, 2026The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_awesome` shortcode in all…
- March 25, 2026The Post Snippits plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.…
- March 24, 2026The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_order]' parameter in the 'learndash_propanel_template'…
- March 24, 2026The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flag' shortcode in all versions…
- March 24, 2026The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up…
- March 24, 2026The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in…
- March 24, 2026The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
- March 24, 2026The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `itemscope` shortcode in all versions…
- March 24, 2026The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
- March 24, 2026The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all…
- March 24, 2026The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.…
- March 24, 2026The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check…
- March 24, 2026The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all…
- March 24, 2026The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to…
- March 24, 2026The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- March 24, 2026The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing…
