by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors The WP Shortcodes Plugin — Shortcodes Ultimate (slug: shortcodes-ultimate) vulnerability (CVE-2026-3885, Medium severity, CVSS 6.4) is exploitable by an authenticated WordPress user with Contributor-level access or higher. The attacker can abuse the...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-27046 affects StoreCustomizer – A plugin to Customize all WooCommerce Pages (slug: woocustomizer) in versions <= 2.6.3. This is a Medium severity issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The attack scenario...
by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors CVE-2026-22417 is a High-severity vulnerability (CVSS 8.1) affecting the Grand Wedding WordPress theme (slug: grandwedding) in versions below 3.1.11. The issue can be triggered remotely over the network and does not require a user to be logged in,...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-22459 is a Medium-severity vulnerability (CVSS 5.3) affecting the WP CTA – Call Now Button, Sticky Button & Call to Action Builder plugin (also marketed as “WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales”) in versions up to and...
by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors Starto (WordPress theme) versions below 2.2.5 are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) issue tracked as CVE-2026-27352 (CVSS 6.1). This vulnerability can be exploited by an unauthenticated attacker by getting a user (for...
Recent Comments