Severity: medium

March 18, 2026

The UberSlider MouseInteraction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3 due…

March 18, 2026

The UberSlider Ultra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3 due…

March 18, 2026

The UberSlider PerpetuumMobile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3 due…

March 18, 2026

The UberSlider Classic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5 due…

March 18, 2026

The pixfort Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2.22 due…

March 18, 2026

The Pixfort Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function…

March 18, 2026

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.9.12 due to…

March 18, 2026

The Ultimate Addons for WPBakery Page Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability…

March 18, 2026

The ListingPro Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.8 due…

March 18, 2026

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up…

March 18, 2026

The Electric Enquiries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button' parameter of the electric-enquiry shortcode…

March 18, 2026

The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure Direct Object Reference (IDOR) in versions up to,…

March 18, 2026

The LambertGroup - AllInOne - Content Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to,…

March 18, 2026

The Ultimate Learning Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.9.1…

March 18, 2026

The LambertGroup - AllInOne - Banner with Thumbnails plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up…

March 18, 2026

The AllInOne - Banner Rotator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including,…

March 18, 2026

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Directory Traversal in all versions up to,…

March 18, 2026

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to unauthorized access…

March 18, 2026

The OVRI Payment plugin for WordPress contains malicious .htaccess files in version 1.7.0. The files contain directives to prevent the…

March 18, 2026

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…