by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: The vulnerability CVE-2026-2420 affects the WordPress plugin LotekMedia Popup Form (slug: ltm-popup-form) in versions up to and including 1.0.6. It is a Medium severity issue (CVSS 4.4) that requires an authenticated user with Administrator-level access...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: True Ranker (WordPress plugin slug: seo-local-rank) versions 2.2.9 and below have a Medium severity vulnerability (CVSS 4.3, CVE-2026-1085) that can be triggered through Cross-Site Request Forgery (CSRF). In practical terms, an unauthenticated attacker...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: CVE-2026-1071 is a Medium-severity stored cross-site scripting (XSS) vulnerability affecting the WordPress plugin Carta Online (slug: carta-online) in versions up to and including 2.13.0. The issue occurs through the plugin’s administrator-accessible...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: Font Pairing Preview For Landing Pages (slug: wp-font-pairing-preview) has a Medium-severity issue (CVSS 4.3) identified as CVE-2026-1086. The vulnerability affects all versions up to and including 1.3. This is a Cross-Site Request Forgery (CSRF)...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: Purchase Button For Affiliate Link (slug: purchase-button) has a Medium-severity vulnerability (CVSS 4.3, CVE-2026-1073) that can be exploited through Cross-Site Request Forgery (CSRF). This attack relies on user interaction: an attacker must trick a...