by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: CVE-2026-3584 is a Critical vulnerability (CVSS 9.8, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the WordPress plugin Kali Forms — Contact Form & Drag-and-Drop Builder (slug: kali-forms) in versions up to and including 2.4.9. The...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-2421 is a Medium-severity vulnerability (CVSS 6.5) affecting the ilGhera Carta Docente for WooCommerce WordPress plugin (wc-carta-docente) in versions 1.5.0 and earlier. The issue can be exploited by an authenticated user with...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-2432 is a Medium severity (CVSS 4.4) stored cross-site scripting (XSS) issue affecting the WordPress plugin CM Custom Reports – Flexible reporting to track what matters most (slug: cm-custom-reports) in versions 1.2.7 and earlier. The attack...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Medium severity advisory (CVSS 5.3): RockPress (WordPress plugin slug: ft-rockpress) versions 1.0.17 and earlier are affected by CVE-2026-3550 due to missing authorization checks on multiple AJAX actions. CVE record: https://www.cve.org/CVERecord?id=CVE-2026-3550....
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-32451 is a Medium-severity missing authorization issue (CVSS 4.3) affecting the Avada (Fusion) Builder WordPress plugin (slug: fusion-builder) in versions earlier than 3.15.0. The practical attack path requires a user to already be logged into...