by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-2294 is a Medium-severity vulnerability (CVSS 4.3) affecting the WordPress plugin UiPress lite | Effortless custom dashboards, admin themes and pages (slug: uipress-lite) in versions up to and including 3.5.09. The primary attack vector is any...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3460 affects the WordPress plugin REST API TO MiniProgram (slug: rest-api-to-miniprogram) in versions up to and including 5.1.2. The issue involves a REST API request that accepts user-related parameters, including openid and userid. An...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Product: Performance Monitor (WordPress plugin, slug: performance-monitor) Vulnerability: CVE-2026-1648 (High severity, CVSS 7.2; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) This High-severity issue is exploitable over the internet with no...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors e-shot (WordPress plugin slug: e-shot-form-builder) versions up to and including 1.0.2 contain a Medium-severity vulnerability (CVSS 5.3) tracked as CVE-2026-3546. The issue involves a missing authorization check that allows any authenticated WordPress...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3645 affects Punnel – Landing Page Builder (slug: punnel-landing-page-builder) in versions up to and including 1.3.1. This is rated Medium severity with a CVSS 5.3 score (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). The issue is exploitable...
Recent Comments