Missing Authorization in Booking Calendar Contact Form Plugin
Overview of CVE-2026-6810 A missing authorization vulnerability affects the Booking Calendar Contact Form plugin. This flaw has a…
Category
Security
MaxiBlocks Builder Arbitrary File Upload Vulnerability
Attackers can upload malicious files through MaxiBlocks Builder. This puts your WordPress site at risk. You need to…
Critical Arbitrary File Upload in Drag and Drop File Upload for Contact Form 7 Plugin
# CVE-2026-5364: Critical Arbitrary File Upload in Drag and Drop File Upload for Contact Form 7 Plugin (CVSS…
PHP Supply Chain Attack: Backdoor Discovered in Popular Composer Package
A supply chain attack targeting the PHP ecosystem has been discovered this week. Security researchers found a backdoor…
CrawlerX Botnet Evolves: New Variant Targets WooCommerce Sites
Security researchers have identified a new variant of the CrawlerX botnet that specifically targets WooCommerce sites. The latest…
CVE-2025-13456: Reflected XSS in ShopBuilder WooCommerce Plugin (CVSS 6.1)
A Reflected Cross-Site Scripting vulnerability has been discovered in the ShopBuilder WordPress plugin for WooCommerce. Tracked as CVE-2025-13456…
CVE-2025-13153: Stored XSS in Logo Slider WordPress Plugin (CVSS 6.1)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the Logo Slider WordPress plugin. Tracked as CVE-2025-13153 with…
CVE-2025-12685: CSRF Vulnerability in WPBookit Plugin Allows Customer Deletion
CVE-2025-12685 WPBookit CSRF Privilege Escalation. A Cross-Site Request Forgery (CSRF) vulnerability affects the WPBookit WordPress plugin. Tracked as…
CVE-2025-14047: Unauthorized Data Loss in WP User Frontend Plugin
CVE-2025-14047 WP User Frontend SQL Injection. An unauthorized data loss vulnerability affects the WP User Frontend plugin for…
CVE-2025-14428: Missing Capability Check in My Sticky Elements Plugin
A missing capability check vulnerability affects the My Sticky Elements plugin for WordPress. Tracked as CVE-2025-14428 with a…