by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors CVE-2026-3138 is a Medium severity (CVSS 6.5) vulnerability in Product Filter for WooCommerce by WBW (slug: woo-product-filter) affecting versions up to and including 3.1.2. It can be exploited remotely over the internet without a user account (no login...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors CVE-2023-28490 is a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) issue affecting the Estatik Mortgage Calculator WordPress plugin (slug: estatik-mortgage-calculator) in versions up to and including 2.0.11. Details are tracked here:...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors CVE-2026-3079 is a Medium-severity vulnerability (CVSS 6.5) affecting the LearnDash LMS WordPress plugin (sfwd-lms) in versions up to and including 5.0.3. The issue can be exploited by an authenticated user with Contributor-level access or higher. The...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors Woocommerce Custom Product Addons Pro (slug: woo-custom-product-addons-pro) is affected by a Critical vulnerability (CVSS 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) tracked as CVE-2026-4001. The risk is highest for organizations running...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors CVE-2026-3533 is a High severity vulnerability (CVSS 8.8) affecting the Jupiter X Core WordPress plugin (slug: jupiterx-core) in versions 4.14.1 and below. The risk is triggered by an attacker who already has a WordPress login with Subscriber-level...
Recent Comments