by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2025-69347 affects the Subscription for WooCommerce – WordPress Recurring Payments Plugin (slug: subscription) in versions 1.8.10 and earlier. This is an authenticated issue, meaning an attacker must be logged in with Customer (Custom-level) access...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2026-22484 is a High-severity vulnerability (CVSS 7.5) affecting the Lisfinity Core WordPress plugin (slug: lisfinity-core) used by the pebas® Lisfinity WordPress theme in versions 1.5.0 and below. Because the issue is unauthenticated, an...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors My Album Gallery (slug: my-album-gallery) versions <= 1.0.4 are affected by CVE-2026-22485, a High severity issue (CVSS 8.1, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H). This vulnerability can be exploited by an authenticated user with...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2026-2289 is a Medium severity Stored Cross-Site Scripting (XSS) issue (CVSS 4.4) affecting the Taskbuilder – Project Management & Task Management Tool With Kanban Board WordPress plugin (slug: taskbuilder) up to version 5.0.3. The attack...
by Ivan Sorkin | Mar 12, 2026 | Themes
Attack Vectors DeepDigital – Web Design Agency WordPress Theme (slug: deepdigital) versions up to and including 1.0.2 are affected by a Medium-severity reflected cross-site scripting (XSS) vulnerability (CVE-2026-22467, CVSS 6.1). The most common path for this type of...
Recent Comments