CVE Vulnerabilities - 14 February 2026
218 vulnerabilities published on 14 February 2026
Truelysell Core plugin allows unauthenticated attackers to gain admin access on WordPress sites
CVE-2025-8572
The Truelysell Core plugin for WordPress has a security issue that can allow attackers to create admin accounts without logging in. This is a concern for any site using the plugin, as it could give an...
9.8
WordPress midi-Synth Plugin Allows Malicious File Uploads
CVE-2026-1306
An attacker can upload any file to a WordPress site using the midi-Synth plugin, possibly allowing them to take control of the site. This is due to a lack of file checks in the plugin's export feature...
9.8
Magic Login Mail or QR Code plugin for WordPress allows attackers to hijack administrator accounts
CVE-2026-2144
The Magic Login Mail or QR Code plugin for WordPress stores login information in a publicly accessible location, allowing attackers to potentially take over administrator accounts. This affects all ve...
8.1
ImapEngine: Malicious Input Can Delete or Read Emails
CVE-2026-2469
GHSA-rfq9-4wcm-64gh
Older versions of ImapEngine are at risk of being tricked into deleting or reading emails by sending malicious input. This could also allow an attacker to end the user's email session or execute unaut...
5.7
PhotoStack Gallery plugin for WordPress risks exposing database secrets
CVE-2026-2024
Websites with the PhotoStack Gallery plugin for WordPress installed are at risk of having their database contents exposed to unauthorized access. This is because the plugin does not...
7.5
WooCommerce Flexi Product Slider plugin allows attackers to load malicious files
CVE-2026-1988
The Flexi Product Slider and Grid for WooCommerce plugin has a security flaw that allows hackers to load any file on the server if they have contributor-level access and can add a special shortcode to...
7.5
BlueSnap Payment Gateway for WooCommerce plugin allows unauthorized order manipulation
CVE-2026-0692
The BlueSnap Payment Gateway plugin for WooCommerce is vulnerable. Attackers can pretend to be a trusted IP address and manipulate order statuses, such as making payments appear successful or failed. ...
7.5
Super Page Cache plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-1843
The Super Page Cache plugin for WordPress has a security flaw that could allow hackers to inject malicious scripts into pages, which could be executed when users visit those pages. This could potentia...
7.2
Super Simple Contact Form Plugin Allows Malicious Scripts in WordPress
CVE-2026-0753
The Super Simple Contact Form plugin for WordPress has a security flaw that could allow hackers to inject malicious code into your site. If a user clicks on a link or performs a certain action, they c...
7.2
User Language Switch plugin for WordPress allows attackers to access internal data
CVE-2026-0745
The User Language Switch plugin for WordPress is used by many sites. If not updated, an attacker with high-level access can use this plugin to access sensitive internal data. To protect your site, upd...
7.2
Essential Addons for Elementor: Malicious Code Injected into Pages
CVE-2026-1512
The Essential Addons for Elementor plugin for WordPress has a security flaw that allows attackers to inject malicious code into certain pages. This can happen if an attacker with a certain level of ac...
6.4
myCred Plugin for WordPress Allows Malicious Code Injection via Coupons
CVE-2026-0550
The myCred plugin for WordPress can be exploited by authorized users with contributor access or higher to insert malicious code into web pages. This can happen when a user accesses a specific page wit...
6.4
Press3D Plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-1985
The Press3D plugin for WordPress is affected by a security issue that could allow an attacker to inject malicious scripts into web pages. This could happen if an attacker with Author-level access or h...
6.4
Percent to Infograph Plugin for WordPress Allows Malicious Script Injection
CVE-2026-1939
The Percent to Infograph plugin for WordPress is at risk of allowing hackers to inject malicious scripts into certain pages. This could happen if a hacker with contributor-level access or higher edits...
6.4
Simple Plyr plugin for WordPress: Malicious scripts can be injected into pages
CVE-2026-1915
The Simple Plyr plugin for WordPress is not secure. Attackers with high-level access can inject malicious code into pages that users visit, allowing them to take control of the site or steal sensitive...
6.4
UpMenu plugin for WordPress allows hackers to inject malicious code
CVE-2026-1910
The UpMenu plugin for WordPress has a security flaw that lets authenticated users with contributor-level access or higher inject malicious code into web pages. This can happen when users access certai...
6.4
Sphere Manager Plugin for WordPress Allows Malicious Code Injection
CVE-2026-1905
The Sphere Manager plugin for WordPress may allow hackers to inject malicious code into websites, potentially allowing them to steal user data or take control of the site. This is a risk for sites usi...
6.4
Ravelry Designs Widget plugin for WordPress: Malicious Script Injection via Shortcode Attribute
CVE-2026-1903
The Ravelry Designs Widget plugin for WordPress is vulnerable to a security risk. An attacker with contributor-level access or higher can inject malicious scripts into pages, which can be executed whe...
6.4
QuestionPro Surveys plugin for WordPress: Malicious scripts can be injected into survey pages
CVE-2026-1901
The QuestionPro Surveys plugin for WordPress has a security flaw that allows attackers to inject malicious code into survey pages. This can happen when an authenticated user with sufficient access edi...
6.4
ZoomifyWP WordPress Plugin: Malicious Code Can Run on Your Site
CVE-2026-1187
If you have the ZoomifyWP Free plugin installed, an attacker with contributor-level access or higher can inject malicious code into your website. This can happen if an attacker is able to add a specia...
6.4
Best-wp-google-map plugin lets attackers inject malicious scripts
CVE-2026-1096
The Best-wp-google-map plugin for WordPress is at risk if you have a contributor or above user with malicious intent. They can inject malicious scripts into your website that will run when users visit...
6.4
Payment Page Plugin for WordPress Allows Attackers to Inject Malicious Code
CVE-2026-0751
A security flaw in the Payment Page | Payment Form for Stripe plugin for WordPress allows attackers with certain permissions to inject malicious code into web pages. This could potentially allow them ...
6.4
WordPress Chatbot Plugin Allows Malicious Scripts to Run on Posts
CVE-2026-0736
The Chatbot for WordPress plugin, used to add chat functionality to websites, has a security flaw that lets attackers inject malicious code into posts. This could allow them to run scripts on your sit...
6.4
MasterStudy LMS Plugin Allows Attackers to Inject Malicious Code
CVE-2026-0559
The MasterStudy LMS WordPress Plugin for creating online courses is vulnerable to a security flaw that lets attackers inject malicious code into pages, potentially allowing them to take control of a s...
6.4
WP Data Access plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-0557
The WP Data Access plugin for WordPress is affected by a security flaw that could allow attackers with contributor-level access to inject malicious scripts into pages. This could happen when a user vi...
6.4