- March 18, 2026The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions…
- March 18, 2026The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode…
- March 18, 2026The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions…
- March 18, 2026The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,…
- March 18, 2026The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all…
- March 18, 2026The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all…
- March 18, 2026The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due…
- March 18, 2026The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions…
- March 18, 2026The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[labb_pricing_item]` shortcode's `title`…
- March 18, 2026The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Watched domains' textarea on the attachment…
- March 18, 2026The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to…
- March 18, 2026The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the…
- March 18, 2026The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
- March 18, 2026The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up…
- March 18, 2026The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check…
- March 18, 2026The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in…
- March 18, 2026The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up…
- March 18, 2026The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
- March 18, 2026The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and…
- March 18, 2026The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up…
