by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Lobot Slider Administrator (slug: lobot-slider-administrator) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) issue in versions up to and including 0.6.0 (CVE-2026-3331; CVSS 4.3). The practical attack path is social: an attacker can...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-1886 affects the Go Night Pro | WordPress Dark Mode Plugin (slug: go-night-pro) in versions 1.1.0 and below. This is a Medium-severity issue (CVSS 6.4) that can be exploited by an authenticated user with Contributor-level access or higher. The...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3651 affects the WordPress plugin Build App Online (slug: build-app-online) in versions <= 1.0.23 and is rated Medium severity (CVSS 5.3). The primary attack path is remote and does not require a user account. An attacker can send requests...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-2294 is a Medium-severity vulnerability (CVSS 4.3) affecting the WordPress plugin UiPress lite | Effortless custom dashboards, admin themes and pages (slug: uipress-lite) in versions up to and including 3.5.09. The primary attack vector is any...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3460 affects the WordPress plugin REST API TO MiniProgram (slug: rest-api-to-miniprogram) in versions up to and including 5.1.2. The issue involves a REST API request that accepts user-related parameters, including openid and userid. An...
Recent Comments