by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors Listee (WordPress theme) is affected by an unauthenticated privilege escalation vulnerability in versions up to and including 1.1.6. Rated Critical (CVSS 9.8), this issue allows an attacker to create an account with Administrator privileges without...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27540 affects the Wholesale Lead Capture Plugin for WooCommerce (slug: woocommerce-wholesale-lead-capture) in all versions up to and including 2.0.3.1. With a Critical severity rating (CVSS 9.8, vector...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors WP Recipe Maker (slug: wp-recipe-maker) versions up to and including 10.3.2 contain a Medium-severity vulnerability (CVE-2026-1558, CVSS 5.3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) that can be exploited remotely over the internet. The issue is...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors The Oxpitan – Nonprofit Charity WordPress Theme (slug: oxpitan) is affected by a Critical vulnerability (CVSS 9.8) that can be exploited without authentication in versions up to and including 1.3.5. This issue is a Local File Inclusion (LFI),...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The xPromoter WordPress plugin (slug: top_bar_promoter) has an authenticated SQL Injection vulnerability affecting versions up to and including 1.3.4 (CVE: CVE-2025-68053). The severity is rated Medium with a CVSS 3.1 score of 6.5...
Recent Comments