by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-27388 affects the DesignThemes Booking Manager component of DT Booking – WordPress Ultimate Booking Plugin (slug: designthemes-booking-manager) in versions 2.0 and below. The issue is a missing authorization (capability) check on a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors DesignThemes Portfolio (designthemes-portfolio) versions 1.3 and below are affected by a Medium-severity vulnerability (CVSS 6.1) identified as CVE-2026-27385. The issue is a Reflected Cross-Site Scripting (XSS) flaw, which typically relies on an...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors W3 Total Cache (WordPress plugin, slug w3-total-cache) has a Critical vulnerability (CVE-2026-27384) that can allow unauthenticated arbitrary code execution in versions 2.9.1 and earlier. In practical business terms, this means an attacker may be able...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors The vulnerability CVE-2026-27379 affects the WordPress plugin NextScripts: Social Networks Auto-Poster (slug: social-networks-auto-poster-facebook-twitter-g) in versions up to and including 4.4.7. It is rated High severity (CVSS 7.5). The primary attack...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27376 is a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) vulnerability affecting the Claue – Clean, Minimal Elementor WooCommerce WordPress theme (“claue”) in versions up to and including 2.2.7. In practical terms, an...
Recent Comments