by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-60121 affects the WooEvents – Calendar and Event Booking WordPress plugin (slug: woo-events) in versions up to and including 4.1.7. This is a Medium severity issue (CVSS 5.3) involving missing authorization, meaning an attacker may be...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Product: User Notes (slug: user-notes) Severity: Medium (CVSS 4.4; CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N) CVE-2025-60136 affects the User Notes WordPress plugin in versions up to and including 1.0.2. The attack requires an authenticated user with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors ListingPro Reviews (WordPress plugin slug: listingpro-reviews) versions prior to 2.9.11 contain a Medium-severity missing authorization issue (CVSS 5.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) tracked as CVE-2025-58667. The practical attack path...
by Ivan Sorkin | Feb 26, 2026 | Uncategorized
Attack Vectors CVE-2025-60148 affects the Subscribe to Download WordPress plugin (slug: subscribe-to-download) in versions up to and including 2.0.9. The issue is rated Medium severity (CVSS 4.3). The primary attack path is through a logged-in WordPress account. An...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (slug: gutentor) versions up to and including 3.5.2 contain a Medium-severity authorization issue (CVE-2025-58680, CVSS 5.4). The primary attack vector is an authenticated WordPress user...
Recent Comments