CVE-2026-15298: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pechenki TelSender – Сontact form 7, Events, Wpforms, ninja forms and woocommerce to telegram bot
The TelSender WordPress plugin is vulnerable to a DOM-Based Cross-Site Scripting (XSS) flaw in all versions up to and including 1.14.14. This vulnerability arises from insufficient sanitization of…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2025-06-09
This week’s update spotlights four critical vulnerabilities across CMS platforms, VoIP systems, and enterprise applications. Several flaws e

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig

WAF - WAF Release - 2026-03-12 - Emergency
This week's release introduces new detections for vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-1281 and CVE-2026-1340), along

Comments
Sign in to join the conversation.
No comments yet. Be the first.