CVE-2026-15292: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in tibouille Sudoku Shortcode
The Sudoku Shortcode plugin for WordPress up to version 1.0.0 is vulnerable to a stored Cross-Site Scripting (XSS) flaw via the 'background' parameter in the 'sudoku-sc' shortcode. This vulnerability…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

CVE-2025-14773: Cross-Site Scripting Vulnerability in ABB T-MAC Plus (Version 4.0-24)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-M
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo
Critical Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Unauthenticated attackers can exploit CVE-2026-3300 in Everest Forms Pro to inject and execute arbitrary PHP via Complex Calculation, enabli

WAF - WAF Release - 2025-06-09
This week’s update spotlights four critical vulnerabilities across CMS platforms, VoIP systems, and enterprise applications. Several flaws e

Comments
Sign in to join the conversation.
No comments yet. Be the first.