CVE Vulnerabilities - 21 March 2026

131 vulnerabilities published on 21 March 2026

Pre* Party Resource Hints plugin for WordPress allows hackers to steal data
CVE-2026-4087
The Pre* Party Resource Hints plugin, used in WordPress sites, has a security flaw that lets hackers with Subscriber-level access steal sensitive information from the database. This is because the plu...
6.5
Task Manager Plugin for WordPress Can Let Attackers Execute Malicious Code
CVE-2026-4004
The Task Manager plugin for WordPress is vulnerable to attacks from authenticated users with Subscriber-level access or higher, allowing them to execute malicious code on the site. This can happen if ...
6.5
Hr Press Lite Plugin Leaks Employee Data for Authorized Users
CVE-2026-2720
The Hr Press Lite plugin for WordPress stores employee data insecurely. This means that any authorized user can see sensitive information about coworkers, including names, contact details, and salary....
6.5
ElementCamp WordPress Plugin Allows Attackers to Steal Data
CVE-2026-2503
The ElementCamp plugin for WordPress has a security flaw that allows attackers to extract sensitive information from the database. Anyone with Author-level access or above can exploit this issue, whic...
6.5
App Builder WordPress Plugin: Unauthenticated Vendor Account Creation
CVE-2026-2375
An attacker can create a vendor account on your website without permission, gaining access to sensitive areas of your store. This could allow them to manage products, orders, and other vendor function...
6.5
Task Manager Plugin for WordPress: Unauthorized File Access on All Versions up to 3.0.2
CVE-2026-2351
The Task Manager plugin for WordPress can allow an attacker with a subscriber account or higher to read sensitive files on the server. This could lead to the exposure of confidential information. Upda...
6.5
Post Affiliate Pro plugin for WordPress allows attackers to make unauthorized requests
CVE-2026-2290
Authenticated attackers with admin access can make external requests and access response data. This could allow them to steal sensitive information or disrupt third-party services. Update to version 1...
6.5
OpenClaw Prior to 2026.2.25: Local File Overwrite Risk
CVE-2026-32054
An attacker with local access to your system can use OpenClaw's browser trace and download feature to write files outside the intended directory, potentially overwriting important system files. This c...
5.9
Twilio Webhook Events Can Be Replayable in OpenClaw
CVE-2026-32053
If you're using OpenClaw versions prior to 2026.2.23, an attacker could potentially send old or duplicate Twilio event messages, causing your system to handle calls incorrectly or become corrupted. Th...
6.9
OpenClaw, versions before 2026.2.25: Malicious File Execution Risk
CVE-2026-32043
OpenClaw users are at risk of executing malicious files on their systems if an attacker manipulates a symbolic link. This can happen if a user approves a job with a validated path, but the actual path...
5.9
WP Random Button plugin: Malicious scripts can be injected in pages
CVE-2026-4086
The WP Random Button plugin for WordPress is affected. If an attacker with Contributor-level access or higher injects malicious code into pages, it can be executed when users visit those pages. To pro...
6.4
Fyyd Podcast Plugin for WordPress Allows Malicious Scripts in Podcast Pages
CVE-2026-4084
A security issue in the Fyyd Podcast Plugin for WordPress allows attackers with Contributor-level access to inject malicious code into podcast pages. This could happen when a user views a page with a ...
6.4
Ecover Builder For Dummies plugin allows attackers to inject malicious scripts in WordPress pages
CVE-2026-4077
The Ecover Builder For Dummies plugin for WordPress has a security flaw that can allow hackers to inject malicious scripts into pages. This could potentially harm website users. Update to the latest v...
6.4
WordPress PayPal Donation plugin allows attackers to inject malicious scripts
CVE-2026-4072
If an attacker with contributor access edits the 'donate' shortcode, they can inject malicious scripts that will run on any page a user views. This can happen if you use the affected plugin version on...
6.4
Ad Short plugin for WordPress: Malicious ads can inject malicious scripts
CVE-2026-4067
The Ad Short plugin for WordPress is used by attackers to inject malicious scripts into pages. This can happen when a user with contributor access or higher edits a page with an 'ad' shortcode. To fix...
6.4
WordPress Plugin Allows Attackers to Inject Malicious Scripts
CVE-2026-4022
The Show Posts list plugin for WordPress is vulnerable to a security flaw that allows attackers with contributor-level access or higher to inject malicious scripts into web pages. This can happen when...
6.4
Text Toggle plugin in WordPress lets attackers inject malicious scripts
CVE-2026-3997
The Text Toggle plugin for WordPress is vulnerable to a security flaw that allows attackers to inject malicious code into website pages. This can happen when a user with Contributor-level access or hi...
6.4
WP Games Embed plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-3996
The WP Games Embed plugin for WordPress is vulnerable to a security threat that allows attackers to inject malicious scripts into web pages. This could happen if an authorized user with contributor ac...
6.4
WordPress Sheets2Table Plugin Allows Attackers to Inject Web Scripts
CVE-2026-3619
The Sheets2Table plugin for WordPress is vulnerable to a security threat that allows attackers to inject malicious code into web pages. This can happen when an authenticated user with Contributor-leve...
6.4
Paypal Shortcode Plugin for WordPress Allows Malicious Script Injection
CVE-2026-3617
The Paypal Shortcode plugin for WordPress can be exploited by authenticated users with Contributor-level access to inject malicious scripts on certain pages, potentially affecting the security of your...
6.4
Sherk Custom Post Type Displays plugin for WordPress injects malicious scripts if attacker edits a post
CVE-2026-3554
This affects all versions up to 1.2.1 of the Sherk Custom Post Type Displays plugin for WordPress. If an attacker with contributor-level access edits a post, they can inject malicious scripts that wil...
6.4
MinhNhut Link Gateway Plugin for WordPress Allows Attackers to Inject Malicious Scripts
CVE-2026-3333
The MinhNhut Link Gateway plugin for WordPress is at risk because an attacker with a certain level of access can inject malicious code into pages. This could potentially let an attacker take control o...
6.4
Ed's Social Share plugin for WordPress allows hackers to inject malicious code
CVE-2026-2501
The Ed's Social Share plugin for WordPress, used in sites with contributor-level access and above, is vulnerable to a security flaw that allows attackers to inject malicious scripts into web pages. Th...
6.4
Ed's Font Awesome Plugin for WordPress Allows Injected Scripts
CVE-2026-2496
The Ed's Font Awesome plugin for WordPress is vulnerable to a security threat that lets attackers inject malicious scripts into website pages. This can happen when an attacker with contributor access ...
6.4
FuseDesk Plugin for WordPress: Stored XSS via Email Text in Shortcode
CVE-2026-1914
The FuseDesk plugin for WordPress allows attackers with contributor-level access to inject malicious code into pages, which can execute when users visit those pages. This can lead to unauthorized acti...
6.4