by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors Simple User Registration (slug: wp-registration) has a Critical vulnerability (CVE-2024-49604, CVSS 9.8) that can be exploited remotely over the internet. Because the issue can be abused by unauthenticated attackers, a threat actor does not need a valid...
by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors SupportCandy – Helpdesk & Customer Support Ticket System (WordPress plugin slug: supportcandy) is affected by a Medium severity issue (CVSS 5.4) in versions up to and including 3.4.4. The vulnerability (CVE-2026-1251) can be exploited by an...
by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors SupportCandy – Helpdesk & Customer Support Ticket System (WordPress plugin slug: supportcandy) has a Medium severity vulnerability (CVSS 6.5) identified as CVE-2026-0683 that can be exploited by authenticated users with Subscriber-level access or...
by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors MDJM Event Management (slug: mobile-dj-manager) versions up to and including 1.7.6 have a High-severity privilege escalation vulnerability (CVE-2025-52824, CVSS 8.8). The primary attack vector is an authenticated user account at the Subscriber level (or...
by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors This Medium-severity issue (CVSS 5.3) affects the WordPress plugin Ajax Load More – Infinite Scroll, Load More, & Lazy Load (slug: ajax-load-more) in versions 7.8.1 and below. Because the weakness can be triggered over the network without a user...
Recent Comments