by Ivan Sorkin | Mar 12, 2026 | Themes
Attack Vectors CVE-2026-22454 is a High-severity vulnerability (CVSS 8.1) affecting the Solaris WordPress theme in versions 2.5 and earlier. The issue is exploitable over the network and does not require an attacker to be logged in (unauthenticated). In practical...
by Ivan Sorkin | Mar 12, 2026 | Themes
Attack Vectors CVE-2026-22455 is a Medium severity issue (CVSS 6.1; CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) affecting the Thebe – Portfolio WordPress Theme (slug: thebe) in versions up to and including 1.3.0. This is a Reflected Cross-Site Scripting (XSS)...
by Ivan Sorkin | Mar 12, 2026 | Themes
Attack Vectors CVE-2026-27332 is a Medium-severity reflected cross-site scripting (XSS) issue affecting the agrofood WordPress theme in versions up to and including 1.3.0 (CVSS 3.1 score: 6.1). The attack is network-based and can be performed by an unauthenticated...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors Critical (CVSS 9.1) vulnerability CVE-2026-22460 affects the WordPress plugin FormGent – Next-Gen AI Form Builder for WordPress with Multi-Step, Quizzes, Payments & More (slug: formgent) in versions <= 1.4.2. Because the issue is unauthenticated,...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2026-24385 is a High severity vulnerability (CVSS 7.5) affecting the Podlove Web Player WordPress plugin (podlove-web-player) in versions 5.9.1 and below. The issue is an Authenticated (Contributor+) PHP Object Injection risk caused by...
Recent Comments