by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2026-3891 affects the Pix for WooCommerce WordPress plugin (slug: payment-gateway-pix-for-woocommerce) in versions <= 1.5.0 and is rated Critical with a CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Because this issue is...
by Ivan Sorkin | Mar 12, 2026 | Themes
Attack Vectors BuddyApp (WordPress theme) versions up to and including 1.9.2 are affected by a Medium-severity reflected cross-site scripting (XSS) issue tracked as CVE-2026-22465 (CVSS 6.1). The most likely path to exploitation is through social engineering: an...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2025-68515 is a Medium-severity vulnerability (CVSS 5.3) affecting WP Booking System – Booking Calendar (plugin slug: wp-booking-system) in versions up to and including 2.0.19.12. It is categorized as an Unauthenticated Information Exposure issue....
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2026-22471 is a High-severity issue (CVSS 8.1) affecting the Secudeal Payments for Ecommerce WordPress plugin (versions up to and including 1.1). Because the weakness can be triggered without authentication, an attacker can attempt exploitation...
by Ivan Sorkin | Mar 12, 2026 | Plugins
High severity alert (CVSS 8.8): Booking for Appointments and Events Calendar – Amelia (WordPress plugin slug: ameliabooking) is affected by an authenticated privilege escalation vulnerability in versions up to and including 1.2.38. Tracked as CVE-2026-24963, this...
Recent Comments