by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-1390 is a Medium severity (CVSS 4.3) Cross-Site Request Forgery (CSRF) issue affecting the Redirect countdown WordPress plugin (slug: redirect-countdown) in all versions up to and including 1.0. In practical terms, an attacker doesn’t need to...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-1575 is a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the Schema Shortcode WordPress plugin (slug: schema-shortcode) in versions up to and including 1.0. The attack requires an authenticated WordPress account...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors SR WP Minify HTML (slug: sr-wp-minify-html) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVE-2026-1392, CVSS 4.3; CVE record). In practical terms, an external attacker does not need a login to your WordPress site to...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Comment Genius (WordPress plugin slug: comment-genius) versions up to and including 1.2.5 are affected by CVE-2026-1647, a medium-severity reflected cross-site scripting (XSS) issue (CVSS 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). This is a...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WP NG Weather (slug: wp-ng-weather) is affected by a Medium-severity vulnerability (CVSS 6.4) tracked as CVE-2026-1822. The issue is a Stored Cross-Site Scripting (XSS) vulnerability that can be triggered through the plugin’s ng-weather shortcode when...
Recent Comments