by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: CVE-2026-24966 is a Medium-severity Cross-Site Request Forgery (CSRF) issue affecting the Copyscape Premium WordPress plugin (slug: copyscape-premium) in versions up to and including 1.4.1. CSRF attacks typically rely on social engineering: an...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: CVE-2026-24965 is a Medium-severity authorization issue affecting the WordPress plugin Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe (slug: contest-gallery) in versions up to and including 28.1.1. The key risk is that...
by Ivan Sorkin | Feb 10, 2026 | Themes
Attack Vectors: Grand Blog (WordPress theme slug: grandblog) versions below 3.1.5 are affected by a High-severity Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-24961, CVSS 7.2). Because the issue is unauthenticated, an attacker does not need a login to...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: Strong Testimonials (slug: strong-testimonials) versions up to 3.2.20 are affected by a Medium-severity missing authorization issue (CVSS 4.3) tracked as CVE-2026-24957. The primary attack path is through an authenticated user account with...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: A High-severity vulnerability (CVSS 7.5) identified as CVE-2026-24954 affects Event Booking Manager for WooCommerce (WordPress plugin slug: mage-eventpress) in versions up to and including 5.0.8. The issue is described as an Authenticated (Contributor+)...