CVE Vulnerabilities - 21 March 2026

Attackers with WordPress Contributor-level access can inject malicious scripts into pages containing Twitter feeds. This can happen when a user views a page with an injected script. To fix this, updat...

The Hubspot Forms plugin for WordPress allows attackers with high-level access to inject malicious code into pages, which can harm users when accessed. This affects all versions up to 1.2.2. Update to...

The Any Post Slider plugin for WordPress versions up to 1.0.4 has a security flaw that could allow attackers to inject malicious code into websites. If an attacker with Contributor-level access or abo...

The Simple Football Scoreboard plugin for WordPress is at risk because an attacker with sufficient access can inject malicious code into pages, which can be triggered when users visit those pages. Thi...

The Outgrow plugin for WordPress has a security flaw that allows attackers with contributor-level access or higher to inject malicious scripts into web pages. This can happen when a user accesses a pa...

The Go Night Pro plugin for WordPress has a security weakness that lets attackers inject malicious code into web pages. This could allow them to take control of a website and steal sensitive informati...

The Post Flagger plugin for WordPress can be exploited by authorized users with contributor-level access to inject malicious code into pages that will execute when visited, potentially allowing attack...

The iVysilani Shortcode plugin for WordPress has a security weakness that allows attackers to inject malicious code into pages. This can happen if an authenticated user with contributor-level access o...

The WP NG Weather plugin for WordPress is installed on many sites. If an attacker with contributor-level access or higher injects malicious code, it can execute on any page viewed by a user, potential...

An attacker with contributor-level access can inject malicious scripts into pages, which will be executed when users visit those pages. This affects all versions of the Tour & Activity Operator Plugin...

The Schema Shortcode plugin for WordPress has a security flaw that allows attackers with contributor-level access or higher to inject malicious code into pages. This could lead to unexpected behavior ...

A security issue in the PQ Addons – Creative Elementor Widgets plugin for WordPress allows authenticated attackers to inject malicious code into web pages, which can be executed when a user visits the...

The Multi Post Carousel plugin for WordPress is affected by a security weakness that could allow attackers to inject malicious code into pages. This could happen if an authorized user with contributor...

The WPFAQBlock plugin for WordPress is vulnerable to a security threat that allows attackers to inject malicious scripts into website pages. This could happen if an attacker with Contributor-level acc...

The Logo Slider WordPress plugin is affected by a security issue that lets attackers inject malicious code into websites. This can happen when an administrator or higher-level user adds an image with ...

Some versions of OpenClaw are vulnerable to a security risk that lets hackers trick the system into running hidden commands. This can happen when the system is told to run a command from a misleading ...

The Scoreboard for HTML5 Games Lite plugin for WordPress has a security flaw that allows attackers with admin access to inject malicious code into web pages. This could allow them to take control of a...

The Contact List plugin for WordPress is at risk because an attacker with contributor-level access can inject malicious scripts into the plugin's Google Maps field. This could allow the attacker to ta...

The Image Alt Text Manager plugin for WordPress is vulnerable to a security risk that allows attackers to inject malicious scripts into posts. This could allow an attacker to take control of a website...

The Autoptimize plugin for WordPress has a security flaw that allows attackers to inject malicious code into web pages. This can happen if a user with sufficient access rights edits a page with an ima...

The Autoptimize plugin for WordPress is vulnerable to a security threat that could allow attackers to inject malicious code into a website. This means that if an attacker has permission to edit the we...

PbootCMS versions up to 3.2.12 contain a security flaw in their file upload system. This means that a hacker could potentially upload malicious files to your website, which could lead to unauthorized ...

The Alfie – Feed Plugin for WordPress is vulnerable to a security threat that allows hackers to inject malicious code into the plugin's database. This code can be triggered when an administrator click...

The Post Snippits WordPress plugin is at risk because an attacker could trick an administrator into clicking a link, allowing them to change plugin settings and inject malicious scripts. This affects ...

The Itsukaita plugin for WordPress has a security flaw that allows hackers to inject malicious code into the plugin. This could happen if an administrator clicks on a link sent by the hacker. To stay ...