by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-1569 affects the WordPress plugin Wueen (slug: wueen) in versions up to and including 0.2.0. The issue is a Medium severity Stored Cross-Site Scripting (XSS) risk (CVSS 6.4) that can be exploited by an authenticated user with Contributor-level...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2025-68018 affects the WordPress plugin “Order Notification for WooCommerce – Get Audio Alert on new Orders” (slug: woc-order-alert), also known as “Order Listener for WooCommerce,” in versions up to and including 3.6.1. The issue is a missing...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors PixTypes (WordPress plugin slug: pixtypes) has a Medium-severity reflected cross-site scripting (XSS) vulnerability affecting versions up to and including 1.4.15 (CVE: CVE-2023-40205, CVSS 6.1). This issue can be exploited by unauthenticated attackers...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2025-12391 affects the WordPress plugin Restrictions for BuddyPress (slug: bp-restrict) in versions up to and including 1.5.2. Because the issue can be triggered without a logged-in user account, an external attacker can reach the vulnerable...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors The WordPress plugin News Element Elementor Blog Magazine (slug: news-element) has a Critical vulnerability (CVSS 9.8, CVE-2024-6459) that can be exploited without authentication in affected versions (up to and including 1.0.5). That means an external...
Recent Comments