by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: Penci Podcast (WordPress plugin slug: penci-podcast) is affected by a Medium-severity vulnerability (CVE-2026-27058, CVSS 6.4; vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) that can be exploited by an authenticated user with Contributor-level...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2026-27057 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Penci Filter Everything WordPress plugin (slug: penci-filter-everything) in versions up to, and including, 1.7. It can be exploited by an authenticated...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: CVE-2026-25459 is a Medium-severity missing authorization issue affecting the Sober WordPress theme (slug: sober) in versions up to, and including, 3.5.12. Because the attack requires an authenticated account (subscriber-level or above), the most common...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2026-27050 is a medium-severity Cross-Site Request Forgery (CSRF) issue affecting the RealPress – Real Estate Plugin (slug: realpress) in versions up to and including 1.1.0. The CVSS score is 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N),...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2026-25422 is a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability affecting the Popularis Extra WordPress plugin (popularis-extra) in versions up to and including 1.2.10 (CVSS 4.3; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)....