
EventON WordPress Plugin SQL Injection Exposes Database Contents (CVE-2026-9711)

Scope: EventON WordPress Plugin (Versions Affected, Exact Range Unspecified in Source Material)

Open VSX Registry Stored XSS Enables Supply Chain Attack Against VS Code, Cursor, and Windsurf (CVE-2026-13323)

Scope: Open VSX Registry Versions Prior to 1.0.2 (Affects VS Code, VSCodium, Cursor, Windsurf, and O

RegistrationMagic WordPress Plugin CSRF to Privilege Escalation Granting Admin Access (CVE-2026-12158)

Scope: RegistrationMagic Plugin Versions up to and Including 6.0.9.1

nginx-proxy-manager Prototype Pollution via JSON Parser Enables Unauthenticated RCE (CVE-2026-13228)

Scope: nginx-proxy-manager-2-rootfs Package Versions Prior to 2.13.1-r0

Download Manager WordPress Plugin Authenticated Stored XSS via Shortcode Attribute (CVE-2026-13733)

Scope: Download Manager WordPress Plugin Versions up to and Including 3.3.60

Custom Payment Gateways for WooCommerce Unauthenticated Stored XSS in Checkout Fields (CVE-2026-7517)

Scope: Custom Payment Gateways for WooCommerce Plugin Versions up to and Including 2.1.0

NEX-Forms WordPress Plugin Unauthenticated Stored XSS via Form Field Name (CVE-2026-12142)

Scope: NEX-Forms Ultimate Forms Plugin for WordPress Versions up to and Including 9.2.2
