- March 18, 2026The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and…
- March 18, 2026The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5.…
- March 18, 2026The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions…
- March 18, 2026The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'redirect_to' parameter in all versions up…
- March 18, 2026The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions…
- March 18, 2026The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability…
- March 18, 2026The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in…
- March 18, 2026The Popup Box – Easily Create WordPress Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
- March 18, 2026The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to…
- March 18, 2026The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and…
