by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Paid Videochat Turnkey Site – HTML5 PPV Live Webcams (WordPress plugin slug: ppv-live-webcams) has a High-severity privilege escalation vulnerability (CVSS 8.8, CVE: CVE-2025-8899) affecting versions up to and including 7.3.20. The reported attack path...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors W3 Total Cache (WordPress plugin slug: w3-total-cache) has a Critical vulnerability (CVE-2026-27384, CVSS 9.8) that enables unauthenticated remote code execution in versions up to and including 2.9.1. This means an attacker does not need a login to...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors DirectoryPress – Business Directory And Classified Ad Listing (slug: directorypress) versions 3.6.26 and earlier are affected by a Medium-severity missing authorization issue (CVE-2026-27387, CVSS 4.3). The vulnerability allows an attacker who can log...
by Ivan Sorkin | Mar 6, 2026 | Themes
Attack Vectors CVE-2025-31912 is a Critical vulnerability (CVSS 9.8) affecting the Enzio – Responsive Business WordPress Theme (slug: enzio) in versions earlier than 1.2.6. Because it is unauthenticated, attackers can attempt to exploit it over the internet...
by Ivan Sorkin | Mar 6, 2026 | Themes
Attack Vectors CVE-2025-31064 is a Critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Vizeon – Business Consulting WordPress theme (slug: vizeon) in versions below 1.2.1. It is an unauthenticated Local File Inclusion...
Recent Comments