by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2024-34800 is a High severity issue (CVSS 8.8) affecting the Crafthemes Demo Import WordPress plugin (slug: crafthemes-demo-import) versions 3.3 and earlier. The vulnerability is caused by a missing authorization (capability) check in the...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors WP YouTube Lyte (slug: wp-youtube-lyte) versions 1.7.29 and below are affected by a Medium-severity Stored Cross-Site Scripting issue (CVE-2026-3299, CVSS 6.4). The vulnerability is triggered through the plugin’s “lyte” shortcode, where certain...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-4880 is a Critical vulnerability (CVSS 9.8, CVE record) affecting the WordPress plugin Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) (slug:...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors This Medium-severity vulnerability (CVSS 4.3) affects the WordPress plugin “Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress” (slug: wp-user-avatar) in versions up to and including...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-1852 affects the Product Pricing Table by WooBeWoo WordPress plugin (slug: woo-product-pricing-tables) in versions up to and including 1.1.0. This is a Medium severity issue (CVSS 6.1). The primary attack path is Cross-Site Request Forgery...
Recent Comments