CVE-2026-11392: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress contains a reflected cross-site scripting (XSS) vulnerability in the 'check_in_date' and 'check_out_date' parameters. This affects all versions up to and…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

CVE-2025-14773: Cross-Site Scripting Vulnerability in ABB T-MAC Plus (Version 4.0-24)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-M
Critical Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Unauthenticated attackers can exploit CVE-2026-3300 in Everest Forms Pro to inject and execute arbitrary PHP via Complex Calculation, enabli
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

WAF - WAF Release - 2025-09-08
This week's update This week’s focus highlights newly disclosed vulnerabilities in web frameworks, enterprise applications, and widely deplo

Comments
Sign in to join the conversation.
No comments yet. Be the first.