- March 18, 2026The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all…
- March 18, 2026The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortcode in all…
- March 18, 2026The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including,…
- March 18, 2026The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
- March 18, 2026The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show_sphere_image' shortcode…
- March 18, 2026The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode…
- March 18, 2026The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and…
- March 18, 2026The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
- March 18, 2026The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
- March 18, 2026The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the…
- March 18, 2026The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode…
- March 18, 2026The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to,…
- March 18, 2026The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a…
- March 18, 2026The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode…
- March 18, 2026The BFG Tools – Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and…
- March 18, 2026The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to…
- March 18, 2026The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due…
- March 18, 2026The JetEngine plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.8.0 due to…
- March 18, 2026The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including,…
- March 18, 2026The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to unauthorized access due to a missing…
