by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors: Apocalypse Meow (WordPress plugin) versions 22.1.0 and below contain a Medium-severity SQL Injection vulnerability (CVE-2026-3523, CVSS 4.9) that can be triggered through an AJAX request parameter named type. The key business consideration is that...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors: CVE-2026-3034 affects the WordPress plugin OoohBoi Steroids for Elementor (slug: ooohboi-steroids-for-elementor) in versions 2.1.24 and earlier. It is rated Medium severity (CVSS 6.4), and the attacker must already have a WordPress account with...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors: CVE-2026-2899 affects the WordPress plugin Fluent Forms Pro Add On Pack (slug: fluentformpro) in versions 6.1.17 and earlier, and is rated Medium severity (CVSS 6.5). The primary attack path is over the public internet via WordPress AJAX endpoints....
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors: Fluent Forms Pro Add On Pack (slug: fluentformpro) versions 6.1.17 and earlier are affected by a High-severity Stored Cross-Site Scripting (XSS) vulnerability tracked as CVE-2026-2365 (CVSS 7.2). An attacker does not need to be logged in to attempt...
by Ivan Sorkin | Mar 4, 2026 | Themes
Attack Vectors: Enzio – Responsive Business WordPress Theme (slug: enzio) versions up to and including 1.1.8 are affected by a Critical unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2025-31912, CVSS 9.8). This means an attacker can target a...