- March 18, 2026The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
- March 18, 2026The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to…
- March 18, 2026The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode…
- March 18, 2026The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to…
- March 18, 2026The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up…
- March 18, 2026The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions…
- March 18, 2026The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions…
- March 18, 2026The InteractiveCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interactivecalculator' shortcode in all…
- March 18, 2026The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing…
- March 18, 2026The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,…
- March 18, 2026The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_events' shortcode in all…
- March 18, 2026The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions…
- March 18, 2026The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up…
- March 18, 2026The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.…
- March 18, 2026The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_venue_name' parameter in all versions up…
- March 18, 2026The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and…
- March 18, 2026The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability…
- March 18, 2026The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in…
- March 18, 2026The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
- March 18, 2026The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to…
