by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More (slug: envira-gallery-lite) has a Medium-severity vulnerability (CVSS 6.4, CVE-2026-1236) affecting versions up to and including 1.12.3. The issue is an authenticated...
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors WP-Members Membership Plugin (slug: wp-members) versions up to and including 3.5.5.1 contain a medium-severity SQL Injection vulnerability (CVE-2026-2363, CVSS 6.5) that can be exploited by an authenticated user with Contributor-level access or higher....
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors Enable Media Replace (slug: enable-media-replace) versions 4.1.7 and earlier have a Medium severity vulnerability (CVE-2026-2732, CVSS 5.4) that can be abused by a logged-in user with Author-level access or higher. In practical terms, this means the...
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors Medium severity (CVSS 5.4) vulnerability CVE-2026-1927 affects the WordPress plugin Greenshift – animation and page builder blocks (slug: greenshift-animation-and-page-builder-blocks) in versions 12.6 and below. The issue can be exploited by an...
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors Morkva UA Shipping (slug: morkva-ua-shipping) versions 1.7.9 and earlier have a Medium severity Stored Cross-Site Scripting issue (CVE-2026-2292) that can be triggered through the plugin’s admin settings. The primary attack path requires an...
Recent Comments