by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors HUMN-1 AI Website Scanner & Human Certification by Winston AI (WordPress plugin slug: winston-ai-wp) has a Medium severity vulnerability (CVSS 4.3, CVE-2026-1981) affecting versions 0.0.3 and earlier. The issue can be triggered by an authenticated...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-2830 is a Medium severity vulnerability (CVSS 6.1) affecting the WordPress plugin WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (slug: wp-all-import) in versions up to and including 4.0.0. The issue is a...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27439 affects the Dentario WordPress theme (dentario) in versions up to and including 1.5. The issue is an unauthenticated PHP Object Injection risk caused by deserialization of untrusted input. From a business-risk perspective, the most...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors The kingler WordPress theme (Kingler) up to version 1.7 is affected by an unauthenticated PHP Object Injection vulnerability (severity: High, CVSS 8.1). This means an attacker can attempt to target sites using this theme without needing a login, by...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27437 affects the Tennis SportClub – Tennis Sports Events WordPress Theme (slug: tennis-sportclub) in versions up to and including 1.2.3. This is a High severity issue (CVSS 8.1) and is described as an unauthenticated PHP Object Injection...
Recent Comments