by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors CVE-2026-4281 affects the FormLift for Infusionsoft Web Forms WordPress plugin (slug: formlift) in versions 7.5.21 and below. The issue is rated Medium severity (CVSS 5.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), meaning it can be...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors Blackhole for Bad Bots (versions <= 3.8) has a High severity vulnerability (CVSS 7.2) that can be triggered by an external attacker sending a crafted User-Agent HTTP header to your website. Because the data is stored and later displayed in the...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors CVE-2026-4278 affects the Simple Download Counter WordPress plugin (slug: simple-download-counter) in versions up to and including 2.3. This is a Medium severity issue (CVSS 6.4) involving Stored Cross-Site Scripting (XSS). The primary attack path is...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors CVE-2026-4331 affects the WordPress plugin Blog2Social: Social Media Auto Post & Scheduler (slug: blog2social) in versions <= 8.8.2. It is rated Medium severity (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The primary attack...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors CVE-2026-4075 is a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 6.4) affecting BWL Advanced FAQ Manager Lite (slug: bwl-advanced-faq-manager-lite) in versions up to and including 1.1.1. The most realistic attack path requires an...
Recent Comments