by Ivan Sorkin | Mar 10, 2026 | Core
Attack Vectors
WordPress (slug: wordpress) versions up to and including 6.9.1 are affected by a Medium-severity vulnerability (CVSS 5.8, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N) that can be exploited without authentication. The attack is performed...
by Ivan Sorkin | Mar 10, 2026 | Core
Attack Vectors
This Medium-severity vulnerability (CVSS 6.5) affects WordPress core (slug: wordpress) in versions up to and including 6.9.1. It can be triggered by an authenticated user with Author-level permissions or higher who is able to upload media. The...
by Ivan Sorkin | Mar 10, 2026 | Core
Attack Vectors
Product: WordPress core (wordpress) | Severity: Medium (CVSS 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) | CVE: CVE-2026-3906
This issue affects WordPress versions 6.9 through 6.9.1 and involves the new Notes feature introduced in 6.9 for...
by Ivan Sorkin | Mar 10, 2026 | Core
Attack Vectors
WordPress (wordpress) versions 6.9 through 6.9.1 are affected by CVE-2026-3906, rated Medium severity (CVSS 4.3). The primary attack path is through the WordPress REST API. An attacker must be authenticated with at least Subscriber-level access (or any...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors
High-severity Stored Cross-Site Scripting (XSS) has been identified in the Lead Form Builder & Contact Form WordPress plugin (Responsive Contact Form Builder & Lead Generation Plugin) up to version 2.0.1 (CVE-2026-1454, CVSS 7.2). The primary...