- March 18, 2026The Add Expires Headers & Optimized Minify plugin for WordPress is vulnerable to unauthorized access due to a missing capability…
- March 18, 2026The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin…
- March 18, 2026The YITH Request a Quote for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability…
- March 18, 2026The Better Business Reviews – Trustpilot WordPress Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing…
- March 18, 2026The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due…
- March 18, 2026The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…
- March 18, 2026The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to…
- March 18, 2026The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to,…
- March 18, 2026The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized access due to a missing…
- March 18, 2026The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination…
- March 18, 2026The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up…
- March 18, 2026The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including,…
- March 18, 2026The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up…
- March 18, 2026The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability…
- March 18, 2026The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aft_testimonial_meta_name' custom field in the…
- March 18, 2026The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'radius' parameter of the arctext shortcode…
- March 18, 2026The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions…
- March 18, 2026The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head_class' parameter of the 'autogen_menu'…
- March 18, 2026The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's `entrance_animation` attribute in…
- March 18, 2026The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevart_countdown' shortcode…
