CVE-2026-15070: CWE-352 Cross-Site Request Forgery (CSRF) in wordpresschef Salon Booking System – Free Version
The Salon Booking System – Free Version WordPress plugin is vulnerable to a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to and including 10.30.32. The vulnerability arises from…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

WAF - WAF Release - 2025-08-25
This week's update This week, critical vulnerabilities were disclosed that impact widely used open-source infrastructure, creating high-risk

Comments
Sign in to join the conversation.
No comments yet. Be the first.