- March 18, 2026The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in…
- March 18, 2026The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions…
- March 18, 2026The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site…
- March 18, 2026The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4.…
- March 18, 2026The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all…
- March 18, 2026The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all…
- March 18, 2026The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all…
- March 18, 2026The Court Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.10.8 due…
- March 18, 2026The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on…
- March 18, 2026The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to…
- March 18, 2026The Connector Wizard (formerly LC Wizard) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
- March 18, 2026The Okay Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3 due…
- March 18, 2026The Woo File Dropzone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in…
- March 18, 2026The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to,…
- March 18, 2026The AWCA – The Great Analytics Insights for Your eStore plugin for WordPress is vulnerable to unauthorized access due to…
- March 18, 2026The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and…
- March 18, 2026The Export Media URLs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2…
- March 18, 2026The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter…
- March 18, 2026The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up…
- March 18, 2026The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…
