Category: Vulnerabilities

25/03/2026

CVE-2026-24975

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici Library: from n/a through

25/03/2026

CVE-2026-24976

Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through

25/03/2026

CVE-2026-24970

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through

25/03/2026

CVE-2026-24378

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through

25/03/2026

CVE-2026-24382

Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a through

25/03/2026

CVE-2026-24391

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a through

25/03/2026

CVE-2026-24964

Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through

25/03/2026

CVE-2026-24968

Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through

25/03/2026

CVE-2026-24969

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a through

25/03/2026

CVE-2026-24363

Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through <...

25/03/2026

CVE-2026-24364

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through

25/03/2026

CVE-2026-24369

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. More information : https://patchstack.com/database/Wordpress/Plugin/the-grid/vulnerability/wordpress-the-grid-plugin-2-8-0-broken-access-control-vulnerability-2?_s_id=cve

25/03/2026

CVE-2026-24370

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8.0. More information : https://patchstack.com/database/Wordpress/Plugin/the-grid/vulnerability/wordpress-the-grid-plugin-2-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve

25/03/2026

CVE-2026-24372

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerce: from n/a through

Category: Vulnerabilities

CVE-2026-24975

CVE-2026-24976

CVE-2026-24970

CVE-2026-24378

CVE-2026-24382

CVE-2026-24391

CVE-2026-24964

CVE-2026-24968

CVE-2026-24969

CVE-2026-24363

CVE-2026-24364

CVE-2026-24369

CVE-2026-24370

CVE-2026-24372

Recent Posts

Categories

Category: Vulnerabilities

Recent Posts

Categories

Tags