by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Quentn WP (WordPress plugin slug: quentn-wp) has a High-severity vulnerability (CVSS 7.5, CVE-2026-2468) that can be exploited by an unauthenticated attacker over the internet. The attack is carried out by manipulating a specific browser cookie named...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Linksy Search and Replace (slug: linksy-search-and-replace) has a High severity vulnerability (CVSS 8.8, CVE-2026-2941) that can be exploited by an authenticated user with Subscriber-level access or higher. That means the risk is most relevant to...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WP-Chatbot for Messenger (slug: wp-chatbot) is affected by CVE-2026-3506, a Medium severity issue (CVSS 5.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Because the vulnerable action is reachable over the network and does not require...
by Ivan Sorkin | Mar 20, 2026 | Themes
Attack Vectors Product: Enfold (WordPress theme) Slug: enfold-2 Vulnerability: CVE-2026-3952 (Medium severity; CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) affects Enfold versions up to and including 7.1.4. This is an authenticated stored cross-site...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors The Pre* Party Resource Hints WordPress plugin (slug: pre-party-browser-hints) has a Medium-severity vulnerability (CVSS 6.5) tracked as CVE-2026-4087. This issue can be exploited remotely over the internet and requires a user to be logged in with...
Recent Comments