by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program (slug: mycred) is affected by a Medium-severity vulnerability (CVSS 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) tracked as CVE-2026-24951. The issue enables...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24947 is a Medium severity issue affecting the WordPress plugin LA-Studio Element Kit for Elementor (slug: lastudio-element-kit) in versions earlier than 1.5.6.3. The vulnerability is described as a missing authorization (capability) check on a...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24945 affects the WordPress plugin Ultra Addons for Contact Form 7 (slug: ultimate-addons-for-contact-form-7) in versions up to and including 3.5.34. The issue is categorized as a missing authorization (“missing capability check”), which means...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24942 is a Medium-severity Cross-Site Request Forgery (CSRF) issue affecting Event Booking Manager for WooCommerce (slug: mage-eventpress), specifically WpEvently versions 5.1.1 and earlier. The primary attack vector involves an unauthenticated...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24940 affects the Tourfic Toolkit (travelfic-toolkit) WordPress plugin in versions up to and including 1.3.3, and it is rated Medium severity (CVSS 4.3). The issue can be exploited over the network and does not require user interaction, which...
Recent Comments