by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors The WordPress theme Listify (slug: listify) is affected by a Medium-severity vulnerability (CVE-2026-28042) in versions up to and including 3.2.5. This is a Reflected Cross-Site Scripting (XSS) issue, which typically involves a malicious link or request...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales (slug: easy-sticky-sidebar) has a Medium-severity missing authorization issue (CVE-2026-22459, CVSS 5.3) affecting versions up to and including 1.7.4. Because the vulnerable function lacks a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Greenshift – animation and page builder blocks (slug: greenshift-animation-and-page-builder-blocks) has a Medium-severity issue (CVE-2026-2589, CVSS 5.3) affecting versions 12.8.3 and earlier. The risk comes from an automated Settings Backup that is...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Greenshift – animation and page builder blocks has a Medium-severity vulnerability (CVE-2026-2593, CVSS 6.4) affecting versions up to and including 12.8.5. The issue is an authenticated Stored Cross-Site Scripting (XSS) weakness, meaning an attacker...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors # CVE-2026-3459 is a High-severity issue (CVSS 8.1) affecting the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (slug: drag-and-drop-multiple-file-upload-contact-form-7). The vulnerability can be exploited remotely over the...
Recent Comments