CVE Vulnerabilities - 21 March 2026
132 vulnerabilities published on 21 March 2026
WordPress rexCrawler Plugin Allows Unauthenticated Script Injection
CVE-2026-2277
The WordPress rexCrawler plugin has a security flaw that allows attackers to inject malicious code into a website. This could happen if an administrator clicks on a link sent by an attacker, potential...
6.1
Comment Genius plugin for WordPress allows malicious scripts to be injected
CVE-2026-1647
The Comment Genius plugin for WordPress is not properly protecting against malicious code. This means that an attacker could trick a user into clicking on a link, allowing them to inject malicious scr...
6.1
WP-WebAuthn plugin for WordPress: Unauthenticated Attackers Can Inject Scripts
CVE-2025-13910
The WP-WebAuthn plugin for WordPress has a security flaw that allows attackers to inject malicious code into the plugin's log page, which will run when users view the log. This can happen even if you'...
6.1
iTracker360 Plugin for WordPress: Malicious Scripts Injected via Administrator Action
CVE-2026-3572
The iTracker360 plugin for WordPress is vulnerable to a security flaw that allows attackers to inject malicious scripts if an administrator clicks on a link. This can happen if the plugin is version 2...
6.1
OpenClaw Control UI Pairing Bypass in Older Versions Allows Unauthorized Access
CVE-2026-32057
Older OpenClaw versions lack proper authentication checks for the Control UI pairing process, allowing a malicious user to gain unauthorized access to certain functions. This affects any organization ...
6.0
OpenClaw: Trusted Network Attackers Can Bypass Passwords on HTTP Gateway
CVE-2026-32045
Old versions of OpenClaw have a security mistake that lets attackers on trusted networks access sensitive areas of the HTTP gateway without the usual login requirements. This could let unauthorized pe...
8.2
Discourse: Private Messages Can Be Accessed by Unauthorized Users
CVE-2026-33424
The Discourse discussion platform had a security issue that allowed an attacker to access private messages after being removed from them. This was fixed in recent versions. If you're using an affected...
5.9
ARForms Plugin for WordPress Allows Unauthorized Code Execution
CVE-2024-13785
The ARForms plugin for WordPress allows attackers to execute arbitrary code without a password. This means that a hacker could potentially gain control of your website. Update the plugin to the latest...
5.6
WordPress Multi Functional Flexi Lightbox plugin allows hackers to inject malicious scripts
CVE-2026-3347
An attacker with Admin access can inject malicious scripts into WordPress pages or posts, which can be executed when users visit. This is a serious issue because it can be used to steal user data, ste...
5.5
OpenClaw tar.bz2 Installer Allows Malicious Archive Installation
CVE-2026-32044
Older versions of OpenClaw's tar.bz2 installer can be tricked into installing malicious files, potentially causing a local denial of service during installation. This affects OpenClaw versions prior t...
6.7
AVideo Scheduler Plugin Allows Internal Network Access
GHSA-v467-g7g7-hhfh
CVE-2026-33237
A security issue in the Scheduler plugin in AVideo allows administrators to access internal network services, potentially exposing sensitive data. This can happen when a scheduled task is configured w...
5.5
OpenClaw ACP Client Allows Unauthorized Access to Sensitive Data
CVE-2026-32898
Old versions of OpenClaw's ACP client don't properly check who is making requests, allowing attackers to access sensitive data without being authorized. This is a significant concern because it can le...
5.3
Slack's OpenClaw Fails to Authenticate System Event Senders, Allows Unauthorized Messages
CVE-2026-32895
OpenClaw, a Slack app, has a security issue that allows unauthorized users to send messages to direct messages and channels through system events. This means that attackers can bypass the usual securi...
5.3
Speedup Optimization Plugin for WordPress Can Be Hacked by Authorized Users
CVE-2026-4127
The Speedup Optimization plugin for WordPress is vulnerable to unauthorized actions by users with Subscriber-level access and above. This means that attackers can enable or disable the plugin's optimi...
5.3
Build App Online plugin for WordPress allows unauthorized post modifications
CVE-2026-3651
The Build App Online plugin for WordPress has a security issue that allows attackers to modify posts without permission. This could cause legitimate authors to lose ownership of their posts or allow a...
5.3
Punnel WordPress Plugin Exposes API Key, Allows Attackers to Create or Delete Content
CVE-2026-3645
The Punnel WordPress plugin for creating landing pages has a security flaw that lets attackers with basic access levels change the plugin's settings, including its API key. This can let attackers crea...
5.3
WordPress Appmax plugin allows attackers to manipulate orders and products
CVE-2026-3641
The Appmax WordPress plugin has a security flaw that lets hackers change order and product details. This plugin, used with WooCommerce, allows anyone to send fake requests that can create or alter ord...
5.3
Smarter Analytics plugin for WordPress allows unauthorized configuration changes
CVE-2026-3570
The Smarter Analytics plugin for WordPress is affected. If left unpatched, attackers can reset the plugin's configuration and delete analytics settings for all pages and posts without needing a passwo...
5.3
e-shot Form Builder Plugin Exposes Sensitive Info to All Authenticated Users
CVE-2026-3546
The e-shot form builder plugin for WordPress is vulnerable to unauthorized access to sensitive information. If an attacker is logged in with a subscriber account or above, they can extract the e-shot ...
5.3
WP-Chatbot for Messenger plugin authorization bypass in all versions up to 4.9
CVE-2026-3506
The WP-Chatbot for Messenger plugin has a bug that lets anyone change sensitive settings without logging in. This could allow hackers to take control of your chatbot and redirect conversations to thei...
5.3
WordPress REST API TO MiniProgram plugin allows attackers to modify user data
CVE-2026-3460
The REST API TO MiniProgram plugin for WordPress is vulnerable to an attack where an authenticated user, with a Subscriber-level account or higher, can modify arbitrary user data, such as store names ...
5.3
Canto Plugin for WordPress: Unauthorized File Uploads Possible
CVE-2026-3335
A weakness in the Canto WordPress plugin allows unauthenticated attackers to upload any file type, which could be used to spread malware or disrupt the site. This affects all versions of the plugin up...
5.3
AtomChat WordPress Plugin: Authenticated Users Can Change Settings
CVE-2026-1253
The AtomChat WordPress plugin is affected by a security issue that allows users with Subscriber-level access or higher to change sensitive settings, like API keys and authentication keys, without perm...
5.3
OpenClaw Browser Container Sandbox Bypass Exposes Host System to Attackers
CVE-2026-32046
Old versions of OpenClaw's browser container have a security weakness that allows hackers to run malicious code on your computer without needing to break out of the browser's sandbox. This can happen ...
4.8
RepairBuddy Plugin Allows Unauthorized Access to Admin Settings
CVE-2026-3567
The RepairBuddy plugin for WordPress has a security flaw that allows any authenticated user to change important settings. This is because the plugin doesn't properly check user permissions for making ...
5.3