by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors High severity vulnerability (CVSS 8.8) in WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation (slug: optin) affects versions up to 1.4.24. The issue (CVE-2026-1720) allows an attacker who can log in with a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-2599 is a Critical vulnerability (CVSS 9.8) affecting the WordPress plugin Database for Contact Form 7, WPforms, Elementor forms (slug: contact-form-entries) in versions 1.4.7 and below. It is exploitable by unauthenticated attackers over the...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Membership Plugin – Restrict Content (slug: restrict-content) has a High-severity vulnerability (CVSS 8.1, CVE-2026-1321) that can be exploited without authentication. In practical terms, an outside attacker can attempt to register a new account and...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Page and Post Clone (slug: page-or-post-clone) has a Medium-severity vulnerability (CVSS 6.5) tracked as CVE-2026-2893. The issue affects all versions up to and including 6.3. The primary attack path is through a WordPress user account with at least...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Media Library Assistant (slug: media-library-assistant) versions 3.33 and earlier have a Medium-severity vulnerability (CVSS 4.3) that can be abused by any authenticated WordPress user with Subscriber-level access or higher. This matters because...
Recent Comments