Recent
Use-after-free vulnerability in ESET security products for Linux
Published 2026-07-16 by ESET
SysBasics Customize My Account for WooCommerce <= 4.4.14 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'row_type' Parameter
Published 2026-07-16 by Wordfence
WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter
Published 2026-07-16 by Wordfence
WP Bulk Delete <= 1.4.2 - Authenticated (Administrator+) SQL Injection via 'delete_user_roles' Parameter
Published 2026-07-16 by Wordfence
wpForo Forum <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'location' Profile Field
Published 2026-07-16 by Wordfence
Loco Translate <= 2.8.5 - Cross-Site Request Forgery to Remote Code Execution via 'template' Parameter
Published 2026-07-16 by Wordfence
Digits: WordPress Mobile Number Signup and Login <= 9.1.0.5 - Authenticated (Subscriber+) Privilege Escalation via 'digits_reg_userrole' Parameter
Published 2026-07-16 by Wordfence
Joomla Extension - themexpert.com - Unauthenticated SQL injection in Quix Page Builder Pro < 6.2.1
Published 2026-07-16 by Joomla
Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector
Published 2026-07-16 by ESET
Tickera <= 3.6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute
Published 2026-07-16 by Wordfence
Load more ↓