by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Product: teachPress (WordPress plugin, slug: teachpress) Vulnerability: Authenticated SQL Injection affecting teachPress versions up to and including 9.0.11. This is rated Medium severity (CVSS 3.1 score 6.5, vector:...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-26581 is a medium-severity Stored Cross-Site Scripting (XSS) issue affecting the WordPress plugin Picture Gallery – Frontend Image Uploads, AJAX Photo List (slug: picture-gallery) in versions up to and including 1.6.3. Because the vulnerability...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Pretty Url (slug: pretty-url) has a Medium-severity reflected cross-site scripting (XSS) vulnerability affecting versions up to and including 1.5.4 (CVE-2025-22564; CVSS 6.1). Reflected XSS typically works when an attacker sends a specially crafted URL...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2024-52478 is a Medium-severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) issue affecting the Jobify – Job Board WordPress Theme (slug: jobify) in versions prior to 4.3.0. The attacker must be authenticated with at least Contributor...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-49699 affects the ARPrice – WordPress Pricing Table Plugin (slug: arprice) in versions up to and including 4.1.3. It is rated High severity (CVSS 8.8; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), meaning it can be reached over...
Recent Comments