by Ivan Sorkin | Feb 24, 2026 | Plugins
High severity alert: PixelYourSite – Your smart PIXEL (TAG) & API Manager (slug: pixelyoursite) is reported vulnerable to Unauthenticated Stored Cross-Site Scripting in versions <= 11.2.0.1. This issue is tracked as CVE-2026-27072 with a CVSS 7.2 (High) rating....
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-0829 affects the Frontend File Manager WordPress plugin (slug: nmedia-user-file-uploader) in versions up to and including 23.5. The issue is rated Medium severity (CVSS 5.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Because the...
by Ivan Sorkin | Feb 24, 2026 | Themes
Attack Vectors CVE-2026-25374 affects the Spa and Salon WordPress theme (slug: spa-and-salon) versions up to and including 1.3.2. Because this issue can be triggered by an unauthenticated attacker, the primary exposure is any website where the theme is installed and...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25372 affects Academy LMS – WordPress LMS Plugin for Complete eLearning Solution (slug: academy) in versions up to and including 3.5.3. The reported severity is Medium (CVSS 4.3). This issue can be abused by an authenticated user who already...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-23541 is a Medium-severity missing authorization issue (CVSS 5.3) affecting the WordPress plugin Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more (slug: mail-mint) in versions up to and...
Recent Comments