by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-24555 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting the ArtPlacer Widget WordPress plugin (slug: artplacer-widget) in versions up to and including 2.23.2. The vulnerability can be exploited by an authenticated user with...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-24571 is a Medium-severity authorization issue (CVSS 4.3) affecting the BOX NOW Delivery WordPress plugin (box-now-delivery) in versions up to and including 3.0.2. The risk is triggered when an attacker already has a valid login (for example, a...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2025-68020 affects the WANotifier / Notifications for Forms & WordPress Actions plugin (slug: notifier) in versions up to and including 2.7.13. The issue is a missing authorization (capability) check, which means an attacker does not need an...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors Tutor LMS Pro (slug: tutor-pro) versions up to and including 3.9.6 are affected by CVE-2026-22332, a High severity vulnerability (CVSS 7.5; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). This issue is an unauthenticated SQL Injection, meaning an...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors WPAdverts – Classifieds Plugin (slug: wpadverts) is affected by CVE-2026-27092, a Medium-severity issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) in versions <= 2.3.0. The attack requires a valid WordPress login. An...
Recent Comments