Ravie LakshmananApr 16, 2026Application Security / Threat Intelligence A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform…
Browsing: Plugin
Consent prompt appears even in projects without Vercel configurationPlugin delivers consent requests through system-level instruction injectionBash commands are captured fully,…
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which…
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow…
Vibe coding WordPress plugins with AI can raise concerns about whether a plugin follows best practices for compatibility and security.…
A vulnerability in the Ally WordPress plugin, which is designed for adding accessibility features to websites, could be exploited to…
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000…
WordPress contributors have released AI Experiments 0.4.1, adding built-in image generation and AI-assisted review tools directly inside the block editor…
A security advisory was issued for two vulnerabilities affecting the Seraphinite Accelerator WordPress plugin that’s installed in over 60,000 websites. …
Wordfence published an advisory on a vulnerability in the LatePoint – Calendar Booking WordPress Plugin that makes it possible for…