by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-32459 is a medium-severity SQL Injection vulnerability (CVSS 4.9) affecting the UpsellWP – WooCommerce Upsell and Related Products Offers plugin (slug: checkout-upsell-and-order-bumps) in versions 2.2.4 and below. The issue is not a public,...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors Ultra Addons for Contact Form 7 (slug: ultimate-addons-for-contact-form-7) is affected by an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to and including 3.5.36 (CVE: CVE-2026-32460). The severity is rated...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-27046 is a Medium-severity authorization issue affecting StoreCustomizer – A plugin to Customize all WooCommerce Pages (slug: woocustomizer) in versions <= 2.6.3. The vulnerability can be exploited remotely over the network (CVSS 4.3;...
by Ivan Sorkin | Mar 19, 2026 | Themes
Attack Vectors CVE-2026-24973 is a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) issue affecting the Support for CitiLights – Real Estate WordPress Theme (slug: noo-citilights) in versions up to and including 3.7.1. Because this is a reflected...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors Modern Events Calendar (WordPress plugin slug: modern-events-calendar) is affected by CVE-2026-32583, a Medium-severity authorization issue (CVSS 5.3). Because the weakness can be triggered over the network and does not require authentication, an...
Recent Comments