- March 23, 2026The WP-WebAuthn plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the `wwa_auth` AJAX endpoint in all versions…
- March 23, 2026The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
- March 23, 2026The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class'…
- March 23, 2026The Mandatory Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to,…
- March 23, 2026The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' shortcode attribute…
- March 23, 2026The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and…
- March 23, 2026The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored…
- March 23, 2026The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to,…
- March 23, 2026The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0.…
- March 23, 2026The Cargus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.8. This…
- March 23, 2026The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions…
- March 23, 2026The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6.…
- March 23, 2026The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and…
- March 23, 2026The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary…
- March 23, 2026The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewp_shortcode_taxonomy shortcode in all versions up…
- March 23, 2026The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions…
- March 23, 2026The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
- March 23, 2026The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
- March 23, 2026The AWP Classifieds plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3.…
- March 23, 2026The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,…
