by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-10938 (Medium severity, CVSS 6.5) affects the OVRI Payment WordPress plugin (slug: moneytigo) version 1.7.0. The issue involves malicious .htaccess directives shipped inside the plugin, which can influence what code is allowed to run on your...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27440 is a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the WordPress plugin myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program (mycred) in versions up to and including...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27360 is a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 4.4) affecting Photo Gallery by 10Web – Mobile-Friendly Image Gallery (WordPress plugin slug: photo-gallery) in versions up to and including 1.8.38. The attack...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27368 affects the WordPress plugin Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode (slug: coming-soon) in versions up to and including 6.19.8. The issue is rated Medium severity (CVSS 5.3)....
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Page Builder Gutenberg Blocks – CoBlocks (slug: coblocks) versions up to and including 3.1.16 are affected by a medium-severity stored cross-site scripting (XSS) issue (CVE-2026-27094, CVSS 6.4). The primary attack path requires a user to already be...
Recent Comments