by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-23549 is a High-severity issue (CVSS 8.1, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting WpEvently (Event Booking Manager for WooCommerce) (plugin slug: mage-eventpress) up to and including version 5.1.1. The vulnerability can...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-25385 is a medium-severity Server-Side Request Forgery (SSRF) vulnerability (CVSS 6.4) affecting the URL Shortify – Simple and Easy URL Shortener WordPress plugin (url-shortify) in versions up to and including 1.12.3. An attacker must be...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-25389 affects the WordPress plugin EventPrime – Events Calendar, Bookings and Tickets (slug: eventprime-event-calendar-management) in versions up to and including 4.2.8.3. Because this is an unauthenticated information exposure issue, an...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors WooCommerce Wholesale Lead Capture Plugin for WooCommerce (slug: woocommerce-wholesale-lead-capture) has a Critical vulnerability (CVE-2026-27540) that can be exploited over the internet with no login required. The CVSS score is 9.8...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-27540 affects the Wholesale Lead Capture Plugin for WooCommerce (slug: woocommerce-wholesale-lead-capture) in versions <= 1.17.8. Because the issue is unauthenticated, an attacker does not need a login account to attempt exploitation over...
Recent Comments