- March 18, 2026The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_key’ parameter in all versions up…
- March 18, 2026The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.…
- March 18, 2026The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and…
- March 18, 2026The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all versions up…
- March 18, 2026The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive…
- March 18, 2026The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including,…
- March 18, 2026The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field…
- March 18, 2026The twinklesmtp – Email Service Provider For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's sender…
- March 18, 2026The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
- March 18, 2026The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cusdata’ parameter in…
- March 18, 2026The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the…
- March 18, 2026The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This…
- March 18, 2026The Ultimate Reviews plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
- March 18, 2026The Essential Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including,…
- March 18, 2026The The Events Calendar Countdown Addon plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
- March 18, 2026The BulletProof Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.9.…
- March 18, 2026The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and…
- March 18, 2026The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up…
- March 18, 2026The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all…
- March 18, 2026The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization…
