by Ivan Sorkin | Mar 2, 2026 | Plugins
Attack Vectors CVE-2026-1492 is a Critical vulnerability (CVSS 9.8) affecting the WordPress plugin User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder (slug:...
by Ivan Sorkin | Mar 2, 2026 | Plugins
Attack Vectors Page Builder by SiteOrigin (slug: siteorigin-panels) is affected by a High-severity vulnerability (CVSS 8.8, CVE-2026-2448) impacting versions up to and including 2.33.5. The issue is an Authenticated (Contributor+) Local File Inclusion (LFI), meaning...
by Ivan Sorkin | Mar 2, 2026 | Plugins
Attack Vectors The vulnerability CVE-2026-2628 affects the WordPress plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login (slug: login-with-azure) in versions up to and including 2.2.5. Because the issue is an authentication bypass, an attacker does not...
by Ivan Sorkin | Mar 2, 2026 | Plugins
Attack Vectors The vulnerability (CVE-2026-2269) affects the WordPress plugin Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin (slug: uncanny-automator) in versions up to and including 7.0.0.3. It is rated High severity (CVSS...
by Ivan Sorkin | Mar 2, 2026 | Plugins
Attack Vectors LatePoint – Calendar Booking Plugin for Appointments and Events (slug: latepoint-2) is affected by an authenticated SQL Injection vulnerability in versions up to and including 5.2.7. The issue is tied to the plugin’s JSON Import capability, where...
Recent Comments