- March 18, 2026The Connector Wizard (formerly LC Wizard) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
- March 18, 2026The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and…
- March 18, 2026The Export Media URLs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2…
- March 18, 2026The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter…
- March 18, 2026The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up…
- March 18, 2026The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…
- March 18, 2026The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions…
- March 18, 2026The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a…
- March 18, 2026The Addonify Floating Cart For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
- March 18, 2026The iContact for Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including,…
