by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-4069 is a Medium-severity vulnerability (CVSS 6.1) affecting Alfie – Feed Plugin (slug: alfie-the-productfeedtool-wp-plugin) in versions up to and including 1.2.1. It combines Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WordPress PayPal Donation (slug: wordpress-paypal-donation) has a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 6.4) tracked as CVE-2026-4072. The issue affects all versions up to and including 1.01. The attack requires an...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3617 affects the WordPress plugin Paypal Shortcodes (slug: paypal-shortcodes) in versions up to and including 0.3. The issue is a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 6.4) that requires an attacker to be an...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WP Games Embed (slug: wp-games-embed) versions up to and including 0.1beta contain a Medium severity vulnerability (CVE-2026-3996, CVSS 6.4) that can be exploited by an authenticated user with at least Contributor permissions. The attack path is...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-4084 is a Medium severity vulnerability (CVSS 6.4) affecting the WordPress plugin fyyd podcast shortcodes (slug: fyyd-podcast-shortcodes) in all versions up to and including 0.3.1. The issue is an authenticated Stored Cross-Site Scripting...
Recent Comments