by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-2722 is a Medium-severity (CVSS 4.8) Stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Stock Ticker (slug: stock-ticker) in versions up to and including 3.26.1. The attack occurs through administrator settings where...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-3352 is a High-severity vulnerability (CVSS 7.2) affecting the Easy PHP Settings WordPress plugin (slug: easy-php-settings) in versions 1.0.4 and earlier. The attack requires an authenticated WordPress account with Administrator-level access...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Hammas Calendar (slug: hammas-calendar) has a Medium severity vulnerability (CVSS 6.4) identified as CVE-2026-1902. It affects versions up to and including 1.5.11. The issue can be exploited by an authenticated user with Contributor-level access or...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-1644 is a Medium-severity Cross-Site Request Forgery (CSRF) issue affecting the WP Frontend Profile WordPress plugin (wp-front-end-profile) in versions 1.3.8 and below. In practical terms, an attacker does not need to log in to your site to...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Greenshift – animation and page builder blocks (slug: greenshift-animation-and-page-builder-blocks) has a Medium severity issue (CVSS 5.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) that can be exploited over the internet without requiring a...
Recent Comments