CVE Vulnerabilities - 21 March 2026

152 vulnerabilities published on 21 March 2026

Severity:
RepairBuddy Plugin Allows Unauthorized Access to Admin Settings
CVE-2026-3567
The RepairBuddy plugin for WordPress has a security flaw that allows any authenticated user to change important settings. This is because the plugin doesn't properly check user permissions for making ...
5.3
EmailKit Plugin for WordPress Allows Attackers to Read Server Files
CVE-2026-3474
A security flaw in the EmailKit plugin for WordPress allows attackers with Administrator-level access to read sensitive files on the server, such as passwords and configuration settings. This is due t...
4.9
Discourse: Users with elevated permissions can see deleted posts
CVE-2026-33428
Non-staff users with extra privileges can view posts that have been deleted by others. This affects users of certain Discourse versions and can be fixed by updating to a patched version.
4.9
OpenClaw BlueBubbles Webhook Bypass in Older Versions
CVE-2026-32896
Versions of OpenClaw's BlueBubbles plugin before 2026.2.21 have a security flaw that allows attackers to send fake messages without logging in. This can happen when the plugin is set up behind certain...
6.3
OpenClaw Approval Bypass Vulnerability Allows Unexpected Command Execution
CVE-2026-32065
Old versions of OpenClaw may allow a malicious user to trick an approver into running a different command than what they thought they approved. This could happen if the attacker can influence the comm...
5.7
Stored Cross-Site Scripting in RevuKangaroo Plugin for WordPress
CVE-2026-4161
The Review Map by RevuKangaroo plugin for WordPress has a security flaw that allows attackers to inject malicious code into website pages. This can happen when an administrator with elevated access ed...
4.4
Wikilookup plugin for WordPress allows attackers to inject malicious code
CVE-2026-3354
An attacker with admin access can inject malicious code into a WordPress site's pages, potentially allowing them to take control of the site. To fix this, update the Wikilookup plugin to a version hig...
4.4
Comment SPAM Wiper plugin exposes WordPress sites to malicious scripts
CVE-2026-3353
The Comment SPAM Wiper plugin for WordPress has a security issue that could allow an attacker with high-level access to inject malicious code into your site. This affects multi-site installations or s...
4.4
Ricerca Search Plugin Allows Attackers to Inject Scripts on WordPress Sites
CVE-2026-2837
The Ricerca search plugin for WordPress has a security flaw that allows attackers to inject malicious scripts into certain pages on affected sites. This can happen if an attacker has administrator-lev...
4.4
Reward Video Ad Plugin for WordPress: Unauthorized Code Injection Risk
CVE-2026-2424
The Reward Video Ad plugin for WordPress fails to properly filter user input, allowing attackers with Administrator-level access to inject code into web pages. This could lead to unauthorized actions ...
4.4
Weaver Show Posts plugin for WordPress: Malicious scripts can be injected into pages
CVE-2026-2121
The Weaver Show Posts plugin for WordPress has a security flaw that allows attackers with Administrator-level access to inject malicious scripts into pages. This can happen when an administrator adds ...
4.4
Mandatory Field WordPress Plugin Allows Attackers to Inject Malicious Code
CVE-2026-1278
The Mandatory Field plugin for WordPress can be exploited by attackers with admin-level permissions to inject malicious code into pages, which can be executed when users access them. This affects mult...
4.4
WordPress Survey Plugin Allows Attackers to Inject Malicious Scripts
CVE-2026-1247
A security flaw in the Survey plugin for WordPress (all versions up to 1.1) allows attackers with admin permissions to inject malicious code on certain pages, potentially affecting multi-site installa...
4.4
Keep Backup Daily plugin allows attackers to inject malicious scripts in WordPress backup titles
CVE-2026-3577
The Keep Backup Daily plugin for WordPress is vulnerable to a type of attack that allows an attacker to inject malicious code into backup titles. This can happen if an attacker has Administrator-level...
4.4
PbootCMS Cross-Site Scripting Risk Through Malicious Redirects
CVE-2026-4510
Attackers can inject malicious code into PbootCMS versions up to 3.2.12, potentially taking control of user sessions or stealing sensitive information. This could happen if a user clicks on a maliciou...
5.3
Fakturama Plugin for WordPress Allows Malicious Settings Changes
CVE-2026-4143
The Fakturama plugin for WordPress can be tricked into changing its settings by an attacker. This can happen if a site administrator clicks on a malicious link. Update to the latest version to fix the...
4.3
Xhanch - My Advanced Settings plugin allows unauthorized settings changes
CVE-2026-3332
The Xhanch - My Advanced Settings plugin for WordPress has a security flaw that lets attackers change settings without permission. This could happen if an administrator clicks on a malicious link. We ...
4.3
Lobot Slider Administrator plugin for WordPress allows unauthorized menu changes
CVE-2026-3331
The Lobot Slider Administrator plugin for WordPress is not properly securing its settings page, allowing attackers to trick an administrator into changing the plugin's configuration without their know...
4.3
Unauthorized Changes to WordPress Plugin Settings
CVE-2026-2294
The UiPress lite plugin for WordPress is vulnerable to unauthorized changes to its settings by users with Subscriber-level access or higher. This means that an attacker could alter the plugin's settin...
4.3
WordPress LinkedIn Plugin Allows Authorized Users to Delete LinkedIn Data
CVE-2026-1935
An issue in the LinkedIn plugin for WordPress allows users with Subscriber-level access and above to delete LinkedIn post data. This data is stored in the site's options table. Affected users should u...
4.3
WordPress Login Register Plugin Allows Hackers to Inject Malicious Code
CVE-2026-1503
The WordPress Login Register plugin has a security weakness that could let hackers inject malicious code into your website. This could happen if an administrator clicks on a fake link sent by the hack...
4.3
Add Google Social Profiles to Knowledge Graph Box plugin may let attackers change settings
CVE-2026-1393
The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is at risk because of a security weakness. This means an attacker could trick a site administrator into making changes to the...
4.3
SR WP Minify HTML plugin settings can be changed by attackers
CVE-2026-1392
The SR WP Minify HTML plugin for WordPress is not secure, allowing attackers to trick site administrators into changing plugin settings. This can happen through a fake link or email, and can lead to u...
4.3
Redirect Countdown Plugin for WordPress Allows Unauthenticated Setting Changes
CVE-2026-1390
The Redirect Countdown plugin for WordPress is vulnerable to attacks that can let hackers change plugin settings without permission. This could allow them to change the countdown timer, where it redir...
4.3
WP Posts Re-order plugin for WordPress allows attackers to change settings
CVE-2026-1378
The WP Posts Re-order plugin for WordPress is not secure. An attacker could trick a site administrator into clicking a link, allowing them to change important settings like what posts are displayed an...
4.3