by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors rexCrawler (slug: rexcrawler) versions up to and including 1.0.15 are affected by a Medium-severity reflected cross-site scripting (XSS) issue (CVSS 6.1; CVE-2026-2277). The vulnerable entry point is the plugin’s search-pattern tester page, where the...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors myLinksDump (slug: mylinksdump) versions 1.6 and below are affected by a High-severity SQL Injection vulnerability (CVE-2026-2279, CVSS 7.2). The issue is triggered through the sort_by and sort_order parameters, which can be abused to manipulate...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-2427 is a Medium severity (CVSS 6.1) Reflected Cross-Site Scripting (XSS) issue affecting the itsukaita WordPress plugin in versions up to and including 0.1.2. The flaw is triggered through user-supplied input in the day_from and day_to...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors The login_register WordPress plugin (slug: login-register) is affected by CVE-2026-1503 with Medium severity (CVSS 4.3). This issue can be exploited remotely over the internet, but it typically requires user interaction: an attacker must trick an...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-2424 is a medium-severity Stored Cross-Site Scripting (XSS) issue in the Reward Video Ad for WordPress plugin (slug: applixir) affecting versions 1.6 and below. The attack requires an authenticated user with Administrator-level access (or...
Recent Comments