CVE Vulnerabilities - 14 February 2026
218 vulnerabilities published on 14 February 2026
Citations Tools Plugin for WordPress Can Be Hacked Through User-Submitted Code
CVE-2026-1912
The Citations Tools plugin for WordPress is not properly checking code entered by users. This means that attackers could inject malicious code into pages, which could be triggered when a user visits t...
6.4
Simple Wp Colorfull Accordion Plugin Allows Malicious Scripts on WordPress Sites
CVE-2026-1904
The Simple Wp Colorfull Accordion plugin for WordPress has a security flaw that lets attackers inject malicious code into pages. This can happen when an attacker with contributor or higher access edit...
6.4
StyleBidet WordPress Plugin: Malicious Scripts Can Execute via URL
CVE-2026-1796
The StyleBidet WordPress plugin is vulnerable to a security flaw that allows attackers to inject malicious scripts into a website. This can happen if a user clicks on a link or visits a specific URL. ...
6.1
WordPress Address Bar Ads Plugin Allows Hackers to Inject Malware via Links
CVE-2026-1795
The Address Bar Ads plugin for WordPress is not properly filtering links, which means hackers can inject malicious code into websites. If a user clicks on a manipulated link, their computer could be i...
6.1
Geo Widget plugin for WordPress allows malicious code injection via URLs
CVE-2026-1792
Malicious code can be injected into WordPress sites using the Geo Widget plugin if all users visit a specially crafted URL. This could allow an attacker to steal sensitive information or take control ...
6.1
WordPress Personal Authors Category Plugin Allows Malicious Website Attacks
CVE-2026-1754
The Personal Authors Category plugin for WordPress has a security weakness that allows hackers to inject malicious code into websites. This means that visitors to the site may be tricked into performi...
6.1
Easy Voice Mail Plugin for WordPress Allows Attackers to Inject Malicious Scripts
CVE-2026-1164
An attacker with administrator access can inject malicious scripts into the WordPress site. This can happen when an administrator or user views a manipulated voice message. To fix, update the Easy Voi...
6.1
WordPress Scheduler Widget Plugin Allows Event Hijacking
CVE-2026-1987
The Scheduler Widget plugin for WordPress has a security flaw that allows hackers to take control of events. This means that attackers can modify or delete any event, even if they aren't the owner. Up...
5.4
Unauthorized access to file metadata in Accordion and Accordion Slider plugin
CVE-2026-0727
The Accordion and Accordion Slider plugin for WordPress, in versions 1.4.5 and earlier, allows attackers with contributor-level access to read and modify file metadata, including file paths and captio...
5.4
CallbackKiller Plugin Allows Unauthorized Site Settings Changes
CVE-2026-1944
The CallbackKiller plugin for WordPress can be exploited by attackers to change site settings without permission. This is because the plugin's security check was overlooked in earlier versions, making...
5.3
MailChimp Campaigns plugin for WordPress allows attackers to break email campaigns
CVE-2026-1303
A security issue in the MailChimp Campaigns plugin for WordPress lets attackers with Subscriber-level access or higher disconnect a website from its MailChimp integration, disrupting automated email c...
5.3
Unauthorized access to private chat messages in WPGuppy plugin
CVE-2025-6792
The WPGuppy plugin for WordPress allows unauthorized users to view private chat messages. This is because the plugin doesn't properly check who is making requests to its internal API. To fix this, upd...
5.3
WordPress Bookr Plugin Allows Hackers to Change Appointment Status
CVE-2026-1932
A security issue in the Bookr plugin for WordPress allows unauthorized users to change the status of appointments. This means that anyone can modify the status of any appointment, which could lead to ...
5.3
WP Last Modified Info plugin allows attackers to modify post metadata
CVE-2025-14608
The WP Last Modified Info plugin for WordPress is insecure, allowing an attacker with Author-level access to modify the last modified date of any post, including those created by Administrators. This ...
5.3
Easy Form Builder plugin for WordPress allows unauthorized data access
CVE-2025-14067
The Easy Form Builder plugin for WordPress contains a security flaw that lets attackers access sensitive user data, such as form responses and personal info, even if they don't have permission to do s...
5.3
StickEasy Protected Contact Form plugin leaks contact form data for 1.0.2 and earlier
CVE-2025-13973
An outdated version of the StickEasy Protected Contact Form plugin for WordPress stores sensitive information in a publicly accessible file. This means that anyone can download the file and see visito...
5.3
Sonaar WordPress Plugin Allows Attackers to Access Internal Services
CVE-2026-1249
The Sonaar WordPress plugin for music players has a security flaw that lets attackers with special permissions access sensitive information on your website. This could allow them to see or change data...
5.0
Mail Mint Plugin Vulnerable to Attackers with Admin Access
CVE-2026-1258
The Mail Mint plugin for WordPress can be attacked by users with administrator access. If an attacker with admin rights uses the plugin's API, they can potentially inject malicious SQL code, le...
4.9
WordPress BFG Tools Extension Zipper Plugin Allows File Access
CVE-2025-13681
The BFG Tools – Extension Zipper plugin for WordPress has a security flaw that lets an attacker with administrator access read sensitive files. This can happen if an attacker knows the plugin's intern...
4.9
WordPress User Language Switch Plugin Allows Attackers to Inject Malicious Code
CVE-2026-0735
The User Language Switch plugin for WordPress has a security flaw that lets attackers with administrator access inject malicious code into pages. This only affects WordPress sites with multiple langua...
4.4
WordPress Allow HTML in Category Descriptions Plugin Allows Malicious Code in Category Descriptions
CVE-2026-0693
An attacker with admin-level access can inject malicious code into category descriptions, which can affect users who view those categories. This only applies to multi-site WordPress installations wher...
4.4
WordPress Link Hopper Plugin Allows Hackers to Inject Malicious Code
CVE-2025-15483
A security issue in the Link Hopper plugin for WordPress allows hackers to inject malicious code into sites running the plugin. This can happen if an attacker has administrator-level access and can ex...
4.4
WordPress AMP Plugin Allows Attackers to Inject Malicious Code
CVE-2026-2027
The WordPress AMP Plugin allows attackers to inject malicious code into web pages if they have Administrator-level access. This only happens on multi-site WordPress installations where certain securit...
4.4
WordPress Media Library Folders Plugin Allows Deleting Others' Files
CVE-2026-2312
An attacker with Author-level access or higher can delete or rename attachments owned by other users, including administrators, which can result in data loss. This affects all versions of the Media Li...
4.3
Modula Image Gallery plugin allows attackers to modify any WordPress post
CVE-2026-1254
The Modula Image Gallery plugin for WordPress has a security issue that allows authorized users to update posts they shouldn't be able to edit. This means users with contributor level access or higher...
4.3