- March 18, 2026The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in…
- March 18, 2026The Happy Addons for Elementor plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.20.4…
- March 18, 2026The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field…
- March 18, 2026The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to Insecure Direct…
- March 18, 2026The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to unauthorized access due to…
- March 18, 2026The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute…
- March 18, 2026The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14…
- March 18, 2026The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to,…
- March 18, 2026The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list'…
- March 18, 2026The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcode…
