Severity: medium

March 18, 2026

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable…

March 18, 2026

The DesignThemes Directory Addon plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a…

March 18, 2026

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in…

March 18, 2026

The URL Shortify – Simple and Easy URL Shortener plugin for WordPress is vulnerable to Server-Side Request Forgery in all…

March 18, 2026

The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8.…

March 18, 2026

The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to,…

March 18, 2026

The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all…

March 18, 2026

The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yamap` shortcode parameters in all…

March 18, 2026

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all…

March 18, 2026

The Easy Author Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author_profile_picture_url' parameter in all versions…

March 18, 2026

The TalkJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and…

March 18, 2026

The Advance Block Extend plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TitleColor block attribute in the…

March 18, 2026

The iXML – Google XML sitemap generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'iXML_email' parameter…

March 18, 2026

The salavat counter Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'image_url' parameter in all versions…

March 18, 2026

The Tennis Court Bookings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up…

March 18, 2026

The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up…

March 18, 2026

The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…

March 18, 2026

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0,…

March 18, 2026

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…

March 18, 2026

The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of…