CVE Vulnerabilities - 11 April 2026

The BlockArt Blocks plugin for WordPress is not properly filtering user input, which can allow attackers to inject malicious scripts into pages. This means that authorized users with administrative ac...

The Optimole plugin for WordPress, used to optimize images, has a security flaw that could allow attackers to execute malicious code on your website. If a user clicks on a link that contains malicious...

An attacker with Subscriber-level access or above can enroll in private courses without permission. This can be done by sending a specific request to the plugin. To fix this, update to a version of Tu...

An attacker can obtain stored credentials for OpenClaw installations by manipulating an OAuth authorization flow. This can happen when a user initiates the flow on their own, allowing an attacker to a...

A weakness in the UsersWP plugin for WordPress lets attackers trick the server into making unauthorized requests to other websites or internal systems, potentially exposing sensitive data. This affect...

An attacker with a basic user account can reorder course content and reassign lessons for any course, including those owned by administrators. This can occur through a specific type of malicious reque...

A security issue in Flatpak's file management system allows malicious apps to delete any file on the host computer. This could allow hackers to delete important system or user files, potentially causi...

A security weakness in Apache's HTTP Server software allows hackers to inject and execute malicious code on a server. This could allow an attacker to take control of a server or steal sensitive inform...