Mar 22, 2026 CVE-2025-13997: Unauthenticated API Key Disclosure in King Addons for Elementor A King Addons for Elementor issue where API keys were exposed in rendered page source.
Feb 18, 2026 CVE-2025-13587: Two-Factor Authentication Bypass in Two Factor via Email A WordPress 2FA plugin issue where token handling could let a user skip the email second factor.
Jun 27, 2024 CVE-2024-6288: Reflected XSS in Conversios WooCommerce Tracking A reflected cross-site scripting issue in the Conversios WooCommerce tracking plugin.
Jan 11, 2024 CVE-2023-6875: POST SMTP Mailer Authorization Bypass to Admin Account Takeover My POST SMTP Mailer authorization bypass finding, the proof-of-concept flow, and why the impact was high.
Jan 3, 2024 CVE-2023-7048: CSRF to Contact Lead Export in My Sticky Bar A My Sticky Bar CSRF issue that could trigger contact lead CSV export from an administrator's browser.