Security News

Cybersecurity news aggregator

← Back to News Browse all tags

wordpress-plugin

20 articles with this tag

CRITICAL
Critical vulnerability in Burst Statistics plugin allows admin takeover
SC Media • May 15, 2026
 HIGH
Avada Builder WordPress plugin flaws allow site credential theft
BleepingComputer • May 15, 2026
 HIGH
Two vulnerabilities found in popular WordPress plugin Avada Builder
SC Media • May 14, 2026
 HIGH
[webapps] WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
Exploit-DB • May 14, 2026
 HIGH
[webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload
Exploit-DB • May 13, 2026
 CRITICAL
Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin
Wordfence • Apr 13, 2026
 CRITICAL
Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
Wordfence • Apr 16, 2026
 CRITICAL
Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
Wordfence • Apr 16, 2026
 CRITICAL
Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin
Wordfence • Apr 13, 2026
 CRITICAL
Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
SecurityWeek • Apr 08, 2026
 HIGH
50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin
Wordfence • Apr 06, 2026
 HIGH
200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin
Wordfence • Apr 02, 2026
 HIGH
200,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in MW WP Form WordPress Plugin
Wordfence • Apr 01, 2026
 MEDIUM
File read flaw in Smart Slider plugin impacts 500K WordPress sites
BleepingComputer • Mar 29, 2026
 MEDIUM
Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI
Reddit r/netsec • Mar 19, 2026
 HIGH
Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks
SecurityWeek • Mar 12, 2026
 HIGH
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
BleepingComputer • Mar 11, 2026
 HIGH
400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin
Wordfence • Mar 10, 2026
 MEDIUM
CVE-2025-14973: The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter ...
NIST NVD • Jan 26, 2026
 MEDIUM
CVE-2025-14316: The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a paramete...
NIST NVD • Jan 26, 2026