by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors JetBooking (WordPress plugin slug: jet-booking) has a High-severity vulnerability (CVSS 7.5) that can be exploited without authentication. According to the disclosed advisory, attackers can target the public-facing functionality that accepts the...
by Ivan Sorkin | Mar 10, 2026 | Themes
Attack Vectors Affected product: Astra theme for WordPress (slug: astra) versions up to and including 4.12.3. Vulnerability: CVE-2026-3534 (Severity: Medium, CVSS 6.4; vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). Public record:...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters (slug: wp-google-map-plugin) versions up to and including 4.9.1 are affected by CVE-2026-3222, a High severity issue (CVSS 7.5, vector:...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-2707 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting weForms – Easy Drag & Drop Contact Form Builder For WordPress (slug: weforms) in versions up to and including 1.6.27. The primary attack path is through...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors WP ULike – Like & Dislike Buttons for Engagement and Feedback (slug: wp-ulike) is affected by a Medium-severity vulnerability (CVSS 6.4) tracked as CVE-2026-2358. The issue can be exploited by an authenticated user with Contributor-level access (or...
Recent Comments