CVE Vulnerabilities - 8 April 2026
716 vulnerabilities published on 8 April 2026
nmerii NM Gift Registry and Wishlist Lite: Unauthorized Access to User Data
CVE-2026-39588
A security issue in the nmerii NM Gift Registry and Wishlist Lite software allows unauthorized users to access sensitive data. This affects versions up to 5.13, and it's essential to upgrade to a fixe...
RepairBuddy Exposes Sensitive Data in Sent Information
CVE-2026-39586
A software flaw in RepairBuddy allows hackers to extract sensitive information from data sent to a computer repair shop. This could put customers' personal data at risk. Update to the latest version o...
Booktics Missing Authorization: Unsecured Access to Sensitive Data
CVE-2026-39585
A security weakness in Booktics allows unauthorized access to sensitive data when access control is incorrectly configured. This affects versions of Booktics from unknown to 1.0.16. To protect your da...
MagePeopleTeam Bus Ticket Booking Exposes Sensitive Data to Unauthorized Access
CVE-2026-39572
MagePeopleTeam's Bus Ticket Booking with Seat Reservation software contains a flaw that allows unauthorized access to sensitive information. This issue affects users who have not updated to version 5....
Instantio Sensitive Data Exposure Through Unauthorized Access
CVE-2026-39571
An older version of Instantio (up to 3.3.30) may allow unauthorized access to sensitive data. This means that someone could potentially see confidential information without permission. To protect your...
AA Web Servant 12 Step Meeting List Leaks Sensitive Data
CVE-2026-39570
A security issue in AA Web Servant 12 Step Meeting List allows sensitive information to be accessed by unauthorized users. This affects versions 3.19.9 and earlier. To protect your data, update to the...
DirectoryPress Exposes Sensitive System Data to Unauthorized Access
CVE-2026-39566
DirectoryPress, a WordPress plugin, stores sensitive system information in a way that allows unauthorized users to access it. This means that attackers can potentially gain information about your syst...
Sunshine Photo Cart Allows Sensitive Data to be Retrieved
CVE-2026-39564
A security flaw in Sunshine Photo Cart software allows malicious actors to access sensitive information sent with data. This affects users of Sunshine Photo Cart versions prior to 3.6.2. To protect yo...
BoldGrid Client Invoicing by Sprout Invoices: Unauthorized Access to Invoices
CVE-2026-39562
A security issue exists in BoldGrid Client Invoicing by Sprout Invoices. If access controls are not set up correctly, an attacker may be able to view or manipulate sensitive client invoices. Update to...
LabtechCO Theme Allows Attackers to Access Local Files
CVE-2026-39544
An attacker can access and read local files on your server using LabtechCO theme, which could lead to sensitive information being exposed. This affects versions 8.3 and below. Update to the latest ver...
Doofinder for WooCommerce Exposes Sensitive Customer Data
CVE-2026-39542
Doofinder for WooCommerce, a search plugin, stores sensitive customer information in plain text. This means that if an attacker gains access to the plugin's data, they could potentially see this sensi...
Mikado Core allows hackers to access local files on your server
CVE-2026-39538
A security issue in Mikado Core allows an attacker to access sensitive files on your server. This means a hacker could potentially view or steal confidential data. To fix this, update to the latest ve...
WP Chill RSVP and Event Management Leaks Sensitive Information
CVE-2026-39536
A flaw in WP Chill RSVP and Event Management allows unauthorized access to sensitive data, such as registration information and event details, which could be used for malicious purposes. This issue af...
Display Eventbrite Events widget: Access control security levels are not enforced
CVE-2026-39535
A security issue in Display Eventbrite Events widget-for-eventbrite-api means that access control settings are not being followed. This could allow unauthorized access to certain events. If you use th...
WpStream: Incorrect Configuration Allows Unauthorized Access
CVE-2026-39526
A misconfigured security setting in WpStream can allow unauthorized access to certain features. This issue affects versions of WpStream prior to 4.11.2. To fix this, update to the latest version of Wp...
Nelio Content allows hackers to make unauthorized server requests
CVE-2026-39521
A security flaw in Nelio Content allows an attacker to trick the software into making unintended server requests, potentially leading to sensitive data exposure or unauthorized access. This affects Ne...
weDocs: Insufficient Access Control Exposes Sensitive Content
CVE-2026-39520
WeDocs, a document management plugin, has a security issue that allows unauthorized users to access sensitive content. This means that users who shouldn't have access to certain documents might be abl...
Nexter Blocks Addons for Block Editor Exposes Sensitive Data
CVE-2026-39516
A security issue in Nexter Blocks Addons for Block Editor allows unauthorized access to sensitive data. This affects users of Nexter Blocks versions 4.7.0 and earlier. Update to the latest version to ...
WP Chill Image Photo Gallery: Unauthorized Access to Images
CVE-2026-39510
A security weakness in the WP Chill Image Photo Gallery allows hackers to view images they shouldn't be able to see if the access controls are not set up correctly. If you use this plugin, make sure t...
Directorist Security Settings Not Enforcing Access Controls
CVE-2026-39509
Directorist, a WordPress plugin for creating directories, has a security weakness that allows unauthorized access to certain features. This could lead to sensitive information being accessed or modifi...
Jordy Meow AI Engine Pro: Unauthorized Access to Configuration
CVE-2026-39506
The Jordy Meow AI Engine Pro is not properly controlling who has access to its settings. This means that someone with the wrong settings in place can gain access to parts of the system they shouldn't ...
InstaWP Connect: Incorrect Access Control Exposes Data
CVE-2026-39504
A security issue in InstaWP Connect means that some users may be able to access data they shouldn't. This is because the way access control is set up in the software is not strict enough. You should u...
Themesflat Addons for Elementor Themesflat: Stored Cross-Site Scripting Risk
CVE-2026-39500
Themesflat Addons for Elementor Themesflat themes may allow hackers to inject malicious code into a website. This could lead to unauthorized actions being taken on the site, compromising user data and...
YayMail: Unsecured Data Can Be Accessed by Hackers
CVE-2026-39496
A security issue in YayMail, a plugin for YayCommerce, allows hackers to access sensitive data without being detected. This means that attackers can potentially view or modify data they shouldn't have...
SureCart Security Levels Misconfigured, Allowing Unauthorized Access
CVE-2026-39488
A security setting in SureCart has been incorrectly configured, allowing unauthorized access to sensitive information. If not fixed, this could allow attackers to access areas they shouldn't be able t...