by Ivan Sorkin | Mar 24, 2026 | Plugins
High severity alert (CVSS 8.8): CVE-2025-14997 affects the WordPress plugin BuddyPress Xprofile Custom Field Types (slug: bp-xprofile-custom-field-types) in all versions up to and including 1.2.8. The issue allows an authenticated user (Subscriber and above) to delete...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors CVE-2026-4283 affects the WP DSGVO Tools (GDPR) WordPress plugin (slug: shapepress-dsgvo) in versions <= 3.1.38 and is rated Critical (CVSS 9.1; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). The attack path is remote and requires no login...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors JetEngine (WordPress plugin slug: jet-engine) is affected by a High-severity vulnerability (CVSS 7.5, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) tracked as CVE-2026-4662. The issue is exploitable over the internet without authentication. The...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors CVE-2026-3138 is a Medium severity (CVSS 6.5) vulnerability in Product Filter for WooCommerce by WBW (slug: woo-product-filter) affecting versions up to and including 3.1.2. It can be exploited remotely over the internet without a user account (no login...
by Ivan Sorkin | Mar 23, 2026 | Plugins
Attack Vectors CVE-2023-28490 is a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) issue affecting the Estatik Mortgage Calculator WordPress plugin (slug: estatik-mortgage-calculator) in versions up to and including 2.0.11. Details are tracked here:...
Recent Comments