CVE Vulnerabilities - 8 April 2026
689 vulnerabilities published on 8 April 2026
Malicious code can execute when using Robo Gallery plugin with WordPress
CVE-2026-4300
The Robo Gallery plugin for WordPress has a security flaw that allows attackers to inject malicious code into web pages. This can happen when an authenticated user with author-level access or above cr...
6.4
pdfl.io WordPress Plugin Allows Hackers to Inject Malicious Code
CVE-2026-4073
The pdfl.io plugin for WordPress has a security flaw that allows attackers to inject malicious code into web pages. This can happen if a website using the plugin allows users with certain access level...
6.4
PrivateContent Free plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-4025
An attacker with Contributor-level access and above can inject malicious scripts into the PrivateContent Free plugin for WordPress, which can execute when a user accesses the affected page. This is du...
6.4
Magic Conversation For Gravity Forms Plugin Allows Malicious Code Injection
CVE-2026-1396
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to a security flaw that allows attackers to inject malicious code into pages. This could happen if an authenticated user wit...
6.4
Element Pack Addons for Elementor plugin allows malicious SVG files to inject code
CVE-2026-4655
The Element Pack Addons for Elementor plugin has a security risk that allows attackers to inject malicious code into SVG files. This can happen if an attacker with contributor-level access uploads a m...
6.4
WowPress Plugin for WordPress: Malicious Code Injection via Shortcode
CVE-2026-5508
A security weakness in the WowPress plugin for WordPress allows attackers to inject malicious code into certain pages, which can harm users who visit those pages. This affects all versions of the plug...
6.4
Wavr plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-5506
The Wavr plugin for WordPress is insecure, allowing attackers to inject malicious scripts into pages, which can execute when users access those pages. This affects all versions up to and including 0.2...
6.4
Sports Club Management plugin for WordPress: Stored Cross-Site Scripting
CVE-2026-4871
An attacker with contributor access can inject malicious scripts into pages that are accessed by other users, potentially allowing them to steal data or take control of user sessions. This affects all...
6.4
Columns by BestWebSoft plugin for WordPress allows attackers to inject malicious scripts
CVE-2026-3618
The Columns by BestWebSoft plugin for WordPress is at risk because an attacker with admin-level access can inject malicious code into pages that will be executed when visited. This can happen if an ad...
6.4
Pinterest Site Verification plugin for WordPress allows attackers to inject scripts
CVE-2026-3142
The Pinterest Site Verification plugin for WordPress, used in versions up to 1.8, has a security flaw that allows an attacker to inject malicious code into a website. This can harm users who visit the...
6.4
The Plus Addons for Elementor allows attackers to inject malicious scripts
CVE-2026-3311
A security issue in The Plus Addons for Elementor plugin for WordPress allows authorized users to inject malicious code into website pages. This can happen when a contributor or higher-level user edit...
6.4
LatePoint Plugin for WordPress: Malicious Code Injection Possible
CVE-2026-4785
An attacker with contributor-level access to a WordPress site using the LatePoint plugin can inject malicious code that will run when users visit specific pages, potentially leading to unauthorized ac...
6.4
Prime Slider for Elementor plugin on WordPress allows attackers to inject malicious code
CVE-2026-4341
The Prime Slider – Addons for Elementor plugin on WordPress sites is vulnerable to a security risk that allows attackers to inject malicious code. This could allow an attacker with Author-level access...
6.4
LearnPress WordPress Plugin Allows Malicious Scripts in Course Pages
CVE-2026-4333
The LearnPress WordPress plugin has a security flaw that lets attackers inject malicious code into course pages, potentially harming users who visit those pages. This vulnerability affects all version...
6.4
Investi Plugin for WordPress Allows Attackers to Inject Malicious Code
CVE-2026-3600
The Investi plugin for WordPress is vulnerable to a security risk that allows attackers to inject malicious code into web pages. This can happen when a user with Contributor-level access and above add...
6.4
TableOn WordPress Plugin Allows Attackers to Inject Malicious Code
CVE-2026-3513
The TableOn WordPress plugin has a security flaw that lets attackers inject malicious code into pages if they have a certain level of access. This could allow them to take control of or disrupt your w...
6.4
Strong Testimonials Plugin for WordPress Allows Attackers to Execute Scripts
CVE-2026-3239
The Strong Testimonials plugin for WordPress has a security flaw that allows someone with contributor-level access to inject malicious code into pages, which can be executed when users visit those pag...
6.4
LightPress Lightbox plugin for WordPress allows attackers to inject scripts
CVE-2026-4379
The LightPress Lightbox plugin for WordPress contains a security flaw that allows attackers with contributor access or above to inject malicious scripts into web pages. This can happen when a user acc...
6.4
Blubrry PowerPress plugin for WordPress allows malicious script injection
CVE-2026-2988
An attacker with contributor-level access can inject malicious scripts into WordPress pages using the PowerPress plugin's shortcodes. This could potentially allow an attacker to take control of sensit...
6.4
Elementor Plugin for WordPress Exposes User Data through Malicious Pages
CVE-2025-14732
The Elementor plugin for WordPress allows attackers to inject malicious code into pages, potentially exposing user data. This vulnerability affects all versions up to 3.35.5. To protect your site, upd...
6.4
Tophat: Malicious URLs Can Execute Code on Dev Workstations
CVE-2026-39862
If you use Tophat, a testing tool for mobile apps, on a Mac, an attacker can trick it into running malicious code on your computer. This can happen if you visit a specially crafted URL, and it can let...
6.3
Quarkus OpenAPI Generator Can Write Files Outside Intended Directory
GHSA-jx2w-vp7f-456q
A bug in the Quarkus OpenAPI Generator extension allows attackers who control the ZIP files used for code generation to write files outside the intended directory, which can lead to data being overwri...
6.3
CoolerControl Web Service Allows Data Exposure and Unwanted Commands
CVE-2026-5302
A recent issue in CoolerControl's web service allows unauthorized access to data and potential execution of malicious commands. This could lead to unauthorized changes to your system or data theft. Up...
6.3
Hono Incorrectly Handles IPv4 Addresses in Some IPv6 Requests
GHSA-xpcf-pg52-r92g
CVE-2026-39409
If you use Hono to restrict access to your application, it may incorrectly allow or deny requests from IPv4 clients when they're connected to a system that uses both IPv4 and IPv6. This can happen if ...
6.3
Parse Server login endpoint discloses user existence
CVE-2026-39321
GHSA-mmpq-5hcv-hf2v
Parse Server login endpoint reveals whether a user exists, potentially aiding attackers. This is fixed in versions 9.8.0-alpha.6 and 8.6.74. Update to a patched version to prevent unauthorized user en...
6.3