by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-4373 is a High-severity vulnerability (CVSS 7.5) affecting the JetFormBuilder — Dynamic Blocks Form Builder plugin (slug: jetformbuilder) in versions up to and including 3.5.6.2. An unauthenticated attacker can exploit this issue remotely by...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2024-13785 is a Medium-severity vulnerability (CVSS 5.6) affecting the WordPress plugin Contact Form, Survey, Quiz & Popup Form Builder – ARForms (slug: arforms-form-builder) in versions <= 1.7.2. The issue is unauthenticated, meaning an...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WP-WebAuthn (slug: wp-webauthn) versions 1.3.4 and earlier are affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability (severity: Medium, CVSS 6.1; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) tracked as CVE-2025-13910....
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-2290 is a Medium severity vulnerability (CVSS 6.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) affecting the Post Affiliate Pro WordPress plugin (postaffiliatepro) in versions up to and including 1.28.0. It is a Server-Side Request...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-1247 is a Medium-severity stored cross-site scripting (XSS) issue (CVSS 4.4) affecting the Survey WordPress plugin (slug: survey) in versions 1.1 and below. The vulnerable path is the plugin’s admin settings, where insufficient input...
Recent Comments