- March 18, 2026The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter…
- March 18, 2026The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up…
- March 18, 2026The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…
- March 18, 2026The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions…
- March 18, 2026The Plugin BlueX for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on…
- March 18, 2026The Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin for WordPress is vulnerable to unauthorized access…
- March 18, 2026The Addonify – WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on…
- March 18, 2026The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to,…
- March 18, 2026The Addonify – Compare Products For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability…
- March 18, 2026The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
- March 18, 2026The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.13.4…
- March 18, 2026The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the…
- March 18, 2026The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via…
- March 18, 2026The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the…
- March 18, 2026The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all…
- March 18, 2026The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including,…
- March 18, 2026The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- March 18, 2026The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and…
- March 18, 2026The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions…
- March 18, 2026The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check…
