3 Critical WordPress Plugin Vulnerabilities Patched in Just 9 Days
3 Critical WordPress Plugin Vulnerabilities Patched in Just 9 Days The WordPress security landscape has seen an intense…
Category
CVE
Security vulnerability reports and CVE analysis for WordPress plugins, themes, and core.
CVE-2026-7567 – Critical Authentication Bypass in Temporary Login Plugin (CVSS 9.8)
CVE-2026-7567 – Critical Authentication Bypass in Temporary Login Plugin (CVSS 9.8) A critical vulnerability has been discovered in…
CVE-2025-7384: PHP Object Injection in Database for Contact Form 7 Plugin (CVSS 9.8)
A critical PHP Object Injection flaw (CVE-2025-7384, CVSS 9.8) in the Database for Contact Form 7, WPforms, and…
Critical Arbitrary File Move in MW WP Form Plugin
Introduction The MW WP Form plugin helps WordPress site owners build custom forms. It supports file uploads, data…
Reflected XSS in reCaptcha by WebDesignBy Plugin
A cross-site scripting vulnerability affects reCaptcha by WebDesignBy. This WordPress plugin adds Google reCAPTCHA to your forms. CVE-2026-4512…
Stored Cross-Site Scripting in Social Rocket Plugin
Overview of CVE-2026-1923 A stored Cross-Site Scripting vulnerability affects the Social Rocket plugin. This flaw has a CVSS…
Missing Authorization in HT Mega Addons for Elementor
A missing authorization vulnerability affects HT Mega Addons for Elementor. This WordPress plugin has over 200,000 active installations.…
Stored Cross-Site Scripting in ITERAS Plugin
Overview of CVE-2026-4078 A stored Cross-Site Scripting vulnerability affects the ITERAS plugin. This flaw has a CVSS score…
Royal Elementor Addons CSRF Vulnerability
Attackers can trick admins into changing plugin settings in Royal Elementor Addons. This CSRF flaw lets attackers perform…
Stored XSS in WP Store Locator Plugin
A stored cross-site scripting vulnerability affects WP Store Locator. This WordPress plugin helps businesses display store locations. CVE-2026-3361…