DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts

Using a 1930s trade law, Homeland Security targeted the man—who hasn’t entered the US in more than a decade—following posts on X condemning the killings of Renee Good and Alex Pretti...

WordPress Responsive Plus plugin < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Responsive Plus versions 3.4.3...

sign-alex (=1.0.1) potentially affected by CVE-2026-29053 via ghost (=1.26.2)

ghost NPM version =1.26.2 is affected by a known vulnerability. The following packages have a transitive dependency on ghost and may be impacted: - sign-alex =1.0.1 Source cves: CVE-2026-29053 Source advisory: OSV:GHSA-CGC2-RCRH-QR5X...

The Instant Smear Campaign Against Border Patrol Shooting Victim Alex Pretti

Within minutes of the shooting, the Trump administration and right-wing influencers began disparaging the man shot by a federal immigration officer on Saturday in Minneapolis...

CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

CVE-2026-1070 Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

CVE-2026-1070

CVE-2026-1070 refers to the WordPress plugin “Alex User Counter” (versions

WordPress Alex User Counter plugin <= 6.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alex User Counter versions = 6.0...

PT-2026-4578

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alex user counter function function. This makes it possible for unauthenticated attackers to update the plugin settings...

WordPress plugin Alex User Counter has a vulnerability related to cross-site request forgeing.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2023-25994

Cross-Site Request Forgery CSRF vulnerability in Alex Benfica Publish to Schedule plugin = 4.4.2 versions...

WordPress HandL UTM Grabber / Tracker plugin < 2.8.1 - Reflected XSS via utm_source vulnerability

Reflected XSS via utmsource vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions 2.8.1...

PT-2025-50016

Cross-Site Request Forgery CSRF vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery.This issue affects Just TinyMCE Custom Styles: from n/a through = 1.2.1...

WordPress Houzez plugin <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions = 4.1.6...

WordPress Alex Reservations: Smart Restaurant Booking plugin <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Alex Reservations versions = 2.2.3...

CVE-2025-12399

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, wi...

EUVD-2025-38369

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, wi...

CVE-2025-12399

Summary: CVE-2025-12399 affects the WordPress plugin “Alex Reservations: Smart Restaurant Booking” up to version 2.2.3. The vulnerability stems from missing file type validation in the REST endpoint /wp-json/srr/v1/app/upload/file, enabling authenticated attackers with Administrator-level access ...

CVE-2025-12399 Alex Reservations: Smart Restaurant Booking <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, wi...