by Ivan Sorkin | Mar 24, 2026 | Plugins
Attack Vectors: CVE-2026-2991 is a High-severity authentication bypass vulnerability (CVSS 7.3) affecting the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin (kivicare-clinic-management-system) in versions up to and including 4.1.2. An...
by Ivan Sorkin | Mar 24, 2026 | Plugins
Attack Vectors: CVE-2026-4766 is a Medium severity stored cross-site scripting (XSS) issue (CVSS 6.4, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) affecting the Easy Image Gallery WordPress plugin (slug: easy-image-gallery) in versions up to and including...
by Ivan Sorkin | Mar 24, 2026 | Plugins
High severity alert (CVSS 8.8): CVE-2025-14997 affects the WordPress plugin BuddyPress Xprofile Custom Field Types (slug: bp-xprofile-custom-field-types) in all versions up to and including 1.2.8. The issue allows an authenticated user (Subscriber and above) to delete...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors: CVE-2026-4283 affects the WP DSGVO Tools (GDPR) WordPress plugin (slug: shapepress-dsgvo) in versions <= 3.1.38 and is rated Critical (CVSS 9.1; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). The attack path is remote and requires no login...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors: JetEngine (WordPress plugin slug: jet-engine) is affected by a High-severity vulnerability (CVSS 7.5, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) tracked as CVE-2026-4662. The issue is exploitable over the internet without authentication. The...