by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-3589 is a medium-severity Cross-Site Request Forgery (CSRF) issue affecting the WooCommerce WordPress plugin (versions earlier than 10.5.3). It can be exploited by an unauthenticated attacker if they can trick a logged-in site administrator...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: The Ultra WordPress Admin plugin (Ultra Admin, slug: ultra-admin) is affected by a Medium-severity vulnerability (CVSS 6.1) identified as CVE-2026-22523. It is a Reflected Cross-Site Scripting (XSS) issue impacting versions up to and including 11.7....
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: Legacy Admin (WordPress plugin slug: legacy-admin) is affected by a Medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVSS 6.1; UI:R) in versions up to and including 9.5, tracked as CVE-2026-22524. The most common attack path is a...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: Job Postings (WordPress plugin) versions 2.8 and earlier are affected by CVE-2026-23806, rated Medium severity with a CVSS score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). The issue can be reached over the network and does not require a...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-22448 is a Critical vulnerability (CVSS 9.1) affecting the PitchPrint WordPress plugin (slug: pitchprint) in versions up to and including 11.1.2. Because it is unauthenticated, an attacker does not need a login or employee interaction to...