CVE Vulnerabilities - 7 March 2026
680 vulnerabilities published on 7 March 2026
Severity:
MailArchiver Plugin for WordPress Allows Malicious Code Injection
CVE-2026-2721
The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.4.0 due ...
4.8
LotekMedia Popup Form plugin for WordPress: Malicious Code Injection Risk
CVE-2026-2420
The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and includi...
4.4
Carta Online plugin for WordPress: Stored XSS via admin settings
CVE-2026-1071
The Carta Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.13.0 due...
4.4
Netmaker allows non-admins to access WireGuard private keys
CVE-2026-29196
GHSA-4hgg-c4rr-6h7f
Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wire...
8.7
Guardian News Feed plugin for WordPress: API key theft risk
CVE-2026-1087
The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to miss...
4.3
Font Pairing Preview Plugin Allows Unauthenticated Settings Changes
CVE-2026-1086
The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3....
4.3
True Ranker plugin for WordPress allows hackers to disconnect admin accounts
CVE-2026-1085
The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing n...
4.3
Purchase Button For Affiliate Link plugin allows attackers to change settings
CVE-2026-1073
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. T...
4.3
Malicious users can delete other users' uploaded photos in Wallos
CVE-2026-30842
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, Wallos allows an authenticated user to delete avatar fi...
4.3
Wallos: Unsecured external URL redirection possible
CVE-2026-30839
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the targ...
5.3
ProfileGrid plugin allows attackers to manipulate group memberships
CVE-2026-2494
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in...
4.3
ProfileGrid Plugin on WordPress Allows Message Deletion by Anyone with Subscriber Access
CVE-2026-2488
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capabilit...
4.3
Unauthorized access to WordPress plugin's API settings possible
CVE-2026-1981
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a mis...
4.3
WP Frontend Profile plugin for WordPress: Approval of fake user accounts
CVE-2026-1644
The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to m...
4.3
Parse Server allows unauthorized access to sensitive files
CVE-2026-30848
GHSA-hm3f-q6rw-m6wh
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the...
6.3
Freedom Factory dGEN1 Token Balance Data Exposure
CVE-2026-3671
A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the compo...
1.9
Mendi Neurofeedback Headset V4: Sensitive Info Leaked Over Local Network
CVE-2026-2671
A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth ...
2.3
Freedom Factory dGEN1: Unsecured Access to Android Ethereum Feature
CVE-2026-3668
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.web...
2.3
Soroban: Muxed address conversions can cause contract failures
GHSA-pm4j-7r4q-ccg8
Soroban host ensures that `MuxedAddress` objects can't be used as storage keys in order to proactively prevent the contract logic bugs. H...
1.7
Valkey Update: Fixes Security Risks and Performance Issues
SUSE-SU-2026:0848-1
This update for valkey fixes the following issues:
Update to version 8.0.7.
Security issues fixed:
- CVE-2025-67733: data tampering and denial of s...
CGA-r8wc-cfj6-3c4v
Windows 10: Unpatched Printer Driver Allows Malicious Print Jobs
Adobe Reader and Acrobat: Malicious File Execution
MINI-w349-8q8x-c8hw
MINI-qc6g-6v9w-8v7h
Apache HTTP Server cross-site scripting vulnerability
MINI-v4f9-vw8q-3hgw