Alerts

The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all...

The YouTube Playlists with Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yt_grid' shortcode in all versions up to, and including, 2.6.1...

The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in...

The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the...

The Store Locator Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode in all versions up to, and including,...

The Responsive Flickr Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fshow' shortcode in all versions up to, and including, 2.6.1 due...

The Coaching Staffs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mstw-cs-table' shortcode in all versions up to, and including, 1.4 due to...

The Cosmic Blocks (40+) Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwp_social_share' shortcode in all...

The Categorized Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' attribute of the 'image_gallery' shortcode in all versions up to, and...

The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode in all versions up to, and including, 3.1.5 due to...