CVE Vulnerabilities - 21 March 2026
131 vulnerabilities published on 21 March 2026
WebCTRL sends unencrypted sensitive data over the network
CVE-2026-24060
The WebCTRL system sends sensitive information, such as file position and data, without encryption when transmitting updates over the network. This means an unauthorized person with access to the netw...
9.1
Expire Users plugin for WordPress allows attackers to gain admin access
CVE-2026-4261
The Expire Users plugin for WordPress is not secure for users with Subscriber-level access and above. This means that attackers can gain full admin access to the website. To stay safe, update to a sec...
8.8
WordPress CMS Commander Plugin Exposes Sensitive Data
CVE-2026-3334
The CMS Commander plugin for WordPress has a security flaw that allows an attacker with a special key to access sensitive information from your database. This could happen if you're running a version ...
8.8
Linksy Search and Replace plugin for WordPress: Data Modification Risk
CVE-2026-2941
The Linksy Search and Replace plugin for WordPress, used in websites, can be exploited by attackers with subscriber-level access to modify any database table, including changing their own role to admi...
8.8
OpenClaw version 2026.3.1 and earlier: Authorized users can access sensitive settings
CVE-2026-32051
Authenticated users with certain permissions can access and control sensitive features in OpenClaw. This means that an attacker with the wrong level of access can still make changes they shouldn't be ...
8.7
OpenClaw Devices Can Access More Features Without Approval
CVE-2026-32042
OpenClaw devices running versions 2026.2.22 to 2026.2.24 are vulnerable to a security issue that allows unpaired devices to access more features than they should. This can happen if an attacker uses a...
8.7
MimeTypes Link Icons Plugin Leaks Internal Network Information
CVE-2026-1313
The MimeTypes Link Icons plugin for WordPress makes unauthorized requests to websites controlled by users with contributor-level access. This could allow hackers to access internal information and pot...
8.3
Invelity Product Feeds plugin for WordPress allows malicious file deletion
CVE-2025-14037
The Invelity Product Feeds plugin for WordPress is at risk of file deletion by hackers. If an administrator clicks on a malicious link, a hacker could delete any file on the server. To protect your si...
8.1
OpenClaw Sandbox Browser Allows Unauthenticated Access to VNC Interface
CVE-2026-32064
OpenClaw versions prior to 2026.2.21 have a security flaw that lets hackers access the browser without a password. This can happen when a hacker is on the same network as the computer running OpenClaw...
8.5
WebCTRL service impersonation risk from unauthorized port sharing
CVE-2026-25086
An attacker can impersonate the WebCTRL service if they can bind to the same port, potentially allowing them to send malicious packets. This could happen if the port is not properly secured. To protec...
7.7
OpenClaw versions prior to 2026.2.26 allow attackers to write files outside the workspace
CVE-2026-32055
Old versions of OpenClaw can be tricked into saving files in the wrong place, outside of the workspace, if an attacker creates a special kind of shortcut. This could allow an attacker to write sensiti...
7.2
Quentn WP Plugin Allows Hackers to Access WordPress Database
CVE-2026-2468
The Quentn WP plugin for WordPress has a security flaw that lets hackers access sensitive information from the database using a cookie. This means that even people who don't have an account can get ac...
7.5
Fonts Manager Custom Fonts Plugin Leaks Database Data
CVE-2026-1800
The Fonts Manager Custom Fonts plugin for WordPress allows hackers to steal sensitive information from the database without a password. This is because the plugin doesn't properly check user input, al...
7.5
OpenClaw versions fail to sanitize environment variables, allowing command bypass
CVE-2026-32056
Old versions of OpenClaw don't properly clean up environment variables, which could let attackers sneak in malicious code before security checks. This means an attacker could run unauthorized commands...
7.7
OpenClaw Media Buffer Overflow Vulnerability
CVE-2026-32049
Versions of OpenClaw prior to 2026.2.22 can be exploited by an attacker to cause memory issues and possible crashes. This is a concern for organizations using OpenClaw, as it could lead to system inst...
8.7
OpenClaw Sandbox Bypass in Pre-2026.3.1 Versions
CVE-2026-32048
Versions of OpenClaw before 2026.3.1 have a security flaw that allows a malicious user to bypass security restrictions when creating new processes. This could lead to unauthorized access and potential...
7.7
WebCTRL Systems Can Be Tricked by Fake BACnet Messages
CVE-2026-32666
WebCTRL systems can be vulnerable to fake messages sent over the network, potentially allowing an attacker to control certain devices or disrupt the system. This is because WebCTRL does not verify the...
7.5
WordPress Content Syndication Toolkit plugin allows attackers to make unauthorized web requests
CVE-2026-3478
The Content Syndication Toolkit plugin for WordPress has a security weakness that allows attackers to make unauthorized web requests to any website. This could be used to access sensitive information ...
7.2
Vagaro Booking Widget plugin for WordPress allows malicious scripts to run
CVE-2026-3003
The Vagaro Booking Widget plugin for WordPress has a security issue that allows hackers to inject malicious code into pages, which can be triggered when a user visits those pages. This can lead to una...
7.2
SurveyJS plugin for WordPress allows hackers to inject malicious code into admin panels
CVE-2026-2440
The SurveyJS plugin for WordPress is vulnerable to a security risk where hackers can inject malicious code into the admin panel when survey results are viewed. This can happen when an attacker submits...
7.2
WordPress myLinksDump Plugin Exposes Sensitive Data to Attackers
CVE-2026-2279
The myLinksDump WordPress plugin, used to manage links, is vulnerable to a security weakness that could allow attackers with administrator access to access sensitive information. This means that if an...
7.2
Performance Monitor plugin for WordPress allows attackers to target internal services
CVE-2026-1648
The Performance Monitor plugin for WordPress has a security flaw that lets attackers make requests to internal services. This could lead to sensitive data being accessed or systems being compromised. ...
7.2
WowOptin WordPress Plugin Allows Hackers to Control Server Actions
CVE-2026-4302
The WowOptin WordPress plugin exposes a security risk that allows hackers to make unauthorized requests to any website or server connected to the plugin, potentially stealing or modifying sensitive in...
7.2
Injection Guard Plugin for WordPress allows malicious scripts in admin logs
CVE-2026-3368
A security issue in the Injection Guard plugin for WordPress allows hackers to inject malicious scripts into the admin log page, which can be executed when an administrator views the log. This affects...
7.2
Discourse: Unauthenticated users can guess membership in private groups
CVE-2026-33425
Unauthenticated users can determine if a private group member exists, potentially compromising group confidentiality. This affects Discourse versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2...
6.9