by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25399 affects the Serious Slider WordPress plugin (slug: cryout-serious-slider) versions <= 1.2.7. This is a Medium-severity issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) that can be exploited remotely over the...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors Business Roy (WordPress theme slug: business-roy) versions ≤ 1.1.4 are affected by CVE-2026-25395, rated Medium severity (CVSS 4.3; vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). This issue can be exploited by an authenticated user with...
by Ivan Sorkin | Feb 26, 2026 | Themes
CVE-2026-25394 is a Medium-severity (CVSS 4.3) authorization issue affecting the Fitness FSE WordPress theme (slug: fitness-fse) in versions up to and including 1.0.6. Due to a missing permission check, an authenticated user (subscriber-level and above) may be able to...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors Hello FSE (WordPress theme slug: hello-fse) versions up to and including 1.0.6 have a Medium-severity vulnerability (CVSS 4.3) tracked as CVE-2026-25393. The risk comes from authenticated attackers who already have an account on your site (including...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25391 affects the WordPress plugin WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek (slug: ai-content-generation) in versions <= 1.3.07. The issue is rated Medium severity (CVSS 4.3, vector:...
Recent Comments