CVE Vulnerabilities - 8 April 2026

710 vulnerabilities published on 8 April 2026

Dotstore Extra Fees Plugin for WooCommerce: Unapproved Changes Possible
CVE-2026-39671
A security issue in the Dotstore Extra Fees Plugin for WooCommerce means someone with the right know-how could trick a user into making unintended changes to their store's settings. This affects versi...
NitroPack Configuration Error Allows Unauthorized Access
CVE-2026-39669
The NitroPack software has a flaw in its access control settings. This means that if not configured correctly, an attacker could access sensitive areas of the system. You should review and correct you...
G5theme Book Previewer for WooCommerce Exposes Sensitive Content
CVE-2026-39668
A security weakness in G5theme's Book Previewer for WooCommerce allows unauthorized users to access sensitive information. This affects versions of the plugin from its release up to 1.0.6. To stay sec...
Korea SNS allows hackers to inject malicious code into pages
CVE-2026-39667
A security issue exists in Korea SNS version 1.7.0 and earlier, allowing hackers to inject malicious code into web pages. This could lead to unauthorized access to user data or actions. Update to the ...
Hello Bar Popup Builder: Malicious Code Injected into Web Pages
CVE-2026-39666
A security issue in Hello Bar Popup Builder allows attackers to inject malicious code into web pages, potentially stealing user data or taking control of a website. This affects versions up to 1.5.1. ...
Vladimir Prelovac SEO Friendly Images allows malicious website content injection
CVE-2026-39665
The SEO Friendly Images plugin for WordPress has a security flaw that allows hackers to inject malicious content into web pages. This could allow them to steal user data or spread malware. Upgrade to ...
TrueBooker's Appointment Booking System Allows Unauthorized Access
CVE-2026-39663
An issue in TrueBooker's appointment booking system allows users with incorrect security settings to access areas they shouldn't. This means unauthorized users can potentially view or modify sensitive...
WP Job Manager Access Control Security Levels Incorrectly Configured
CVE-2026-39660
WP Job Manager, a popular job posting plugin for WordPress, has a security issue that allows unauthorized access to certain features. This means that someone with the wrong level of access might be ab...
Panda Pods Repeater Field: Unauthorized access to sensitive data
CVE-2026-39658
An error in the Panda Pods Repeater Field plugin allows someone with the wrong security settings to access and possibly modify sensitive data. This issue affects users of Panda Pods Repeater Field plu...
Razorpay for WooCommerce: Incorrect Configuration Allows Unauthorized Access
CVE-2026-39656
A security weakness in Razorpay for WooCommerce allows unauthorized users to access sensitive areas of the plugin if access control settings are not properly configured. This could allow malicious use...
WP Simple HTML Sitemap allows malicious code to be injected into website
CVE-2026-39654
The WP Simple HTML Sitemap plugin has a security issue that allows attackers to inject malicious code into a website. This can happen when a user visits a website that has this plugin installed and is...
Zoom Video Conferencing: Unsecured Access Levels Can Be Exploited
CVE-2026-39653
A security issue in Zoom's video conferencing software allows hackers to access unauthorized parts of the system if the access control settings are not properly set up. This could potentially allow an...
Incorrect Access Control in Total Poll Lite Allows Unauthorized Access
CVE-2026-39651
A security issue exists in Total Poll Lite versions up to 4.12.0. It allows unauthorized users to access restricted areas due to a mistake in how access control is set up. To fix this, update to a new...
Royale News themebeez theme allows unapproved users to access content
CVE-2026-39649
A security issue in Royale News allows unauthorized users to access content that they shouldn't be able to see. This affects Royale News versions up to 2.2.4, so you should update to a fixed version t...
Sonaar MP3 Player Sends Malicious Requests to Untrusted Servers
CVE-2026-39647
The Sonaar MP3 Audio Player for Music, Radio & Podcast can be tricked into sending requests to any server on the internet, potentially exposing sensitive information. This could lead to unauthorized a...
GlobalPayments WooCommerce allows hackers to access unauthorized servers
CVE-2026-39645
A security flaw in GlobalPayments WooCommerce allows hackers to trick the system into making unauthorized requests to external servers. This could lead to sensitive data being exposed or malicious act...
PayPal WooCommerce Plugins: Incorrect Access Control Exposes Payment Data
CVE-2026-39643
Payment plugins for PayPal on WooCommerce stores are vulnerable to unauthorized access due to incorrectly configured security settings. If not addressed, attackers could access sensitive payment infor...
Theme Editor allows malicious code execution
CVE-2026-39640
A security weakness in Theme Editor, a plugin used by website owners, allows an attacker to execute malicious code on a website. This could lead to unauthorized actions, such as adding malicious conte...
Qubely Themeum plugin allows hackers to inject malicious code
CVE-2026-39638
If an attacker injects malicious code into Qubely, they can steal sensitive information or take control of your website. This is a risk because it allows unauthorized access to your site. Update to Qu...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS. This issue affect...
CVE-2026-39636
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS. This issue affects L...
Grand Portfolio allows hackers to trick users into making unintended changes
CVE-2026-39634
A flaw in Grand Portfolio allows hackers to trick users into making unintended changes to the website. This can lead to unauthorized actions being taken on the user's account. Users and administrators...
Grand Blog: Unauthorized Actions through Malicious Links
CVE-2026-39632
A security weakness in Grand Blog software makes it possible for attackers to trick users into performing unintended actions on the site. This could happen if a user clicks on a malicious link or open...
WPSchoolPress: Insecure Access Control Lets Hackers Access Sensitive Data
CVE-2026-39631
WPSchoolPress, a plugin for WordPress, has a security weakness that lets hackers access sensitive data if the access control settings are not correctly set. This means that sensitive information could...
Getty Images Getty Images allows attackers to make unauthorized requests on your behalf
CVE-2026-39630
Getty Images has a security issue that allows attackers to trick your server into making requests to unintended websites. This could lead to data theft or other malicious activity. Update Getty Images...
Uminex: Malicious Code Can Be Injected into Uminex Web Pages
CVE-2026-39629
A security weakness in Uminex allows hackers to inject malicious code into web pages, potentially compromising user data and security. This issue affects all versions of Uminex up to and including 1.0...