by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors LearnDash LMS (WordPress plugin slug: sfwd-lms) has a Medium-severity vulnerability (CVE-2024-1210, CVSS 5.3) that can be exploited over the internet by an unauthenticated attacker. The issue is tied to how certain content is exposed via the plugin’s...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-2413 is a High severity (CVSS 7.5) SQL Injection vulnerability affecting the WordPress plugin Ally – Web Accessibility & Usability (slug: pojo-accessibility) in versions up to and including 4.0.3. The key business risk is that the attack...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2025-13067 is a High-severity vulnerability (CVSS 8.8) affecting Royal Addons for Elementor – Addons and Templates Kit for Elementor (slug: royal-elementor-addons) in versions up to and including 1.7.1049. The risk comes from an authenticated...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-3453 is a High-severity (CVSS 8.1) issue affecting Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (plugin slug: wp-user-avatar) in versions 4.16.11 and earlier. An...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors MC4WP: Mailchimp for WordPress (slug: mailchimp-for-wp) is affected by CVE-2026-1781, a Medium severity issue (CVSS 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). In versions up to and including 4.11.1, an attacker can submit a crafted web request...
Recent Comments