Recent
WeKnora: SSRF via Redirection
Published 2026-03-07 by GitHub_M
Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting
Published 2026-03-07 by Wordfence
CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters
Published 2026-03-07 by Wordfence
Stock Ticker <= 3.26.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Template
Published 2026-03-07 by Wordfence
MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings
Published 2026-03-07 by Wordfence
MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion
Published 2026-03-07 by Wordfence
Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field
Published 2026-03-07 by Wordfence
JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute
Published 2026-03-07 by Wordfence
ZIP Code Based Content Protection <= 1.0.2 - Unauthenticated SQL Injection via 'zipcode' Parameter
Published 2026-03-07 by Wordfence
ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial
Published 2026-03-07 by Wordfence
Load more ↓