- March 24, 2026The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.…
- March 24, 2026The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check…
- March 24, 2026The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all…
- March 24, 2026The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to…
- March 24, 2026The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- March 24, 2026The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing…
- March 24, 2026The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flag' shortcode in all versions…
- March 24, 2026The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up…
- March 24, 2026The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in…
- March 23, 2026The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
