by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: High severity (CVSS 8.8) SQL Injection has been reported in CMS Commander – Manage Multiple Sites (WordPress plugin slug: cms-commander-client) affecting versions up to and including 2.288, tracked as CVE-2026-3334. The attack requires an authenticated...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: CVE-2026-3333 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the MinhNhut Link Gateway WordPress plugin (slug: minhnhut-link-gateway) in versions up to and including 3.6.1. It can be exploited by an authenticated user...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: CVE-2026-3354 is a Medium-severity stored cross-site scripting (XSS) issue (CVSS 4.4) affecting the Wikilookup WordPress plugin (versions <= 1.1.5). The vulnerable entry point is the plugin’s “Popup Width” setting. This is an authenticated...
by Ivan Sorkin | Mar 20, 2026 | Plugins
CVE-2026-3335 is a Medium-severity vulnerability (CVSS 5.3) affecting the Canto WordPress plugin in versions up to and including 3.1.1. The issue allows unauthenticated file upload due to missing authorization controls in a directly accessible plugin file. Details are...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: CVE-2026-1899 is a Medium-severity vulnerability (CVSS 6.4) affecting the Any Post Slider WordPress plugin (slug: any-post-slider) in versions 1.0.4 and earlier. It enables an authenticated attacker with Contributor-level access (or higher) to plant a...