by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-27374 affects the WooCommerce Order Details plugin (woocommerce-order-details) for WordPress, with a Medium severity rating (CVSS 5.3). The reported issue is a missing authorization (capability) check in versions up to and including 3.1. From a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Medium severity (CVSS 5.3) information exposure issues are often exploited quietly because they do not require malware or complex steps—just the ability to reach a vulnerable site. In Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27369 is a High-severity vulnerability (CVSS 8.1) affecting the Celeste WordPress theme (slug: celeste) in versions up to and including 1.3.6. The issue is an unauthenticated PHP Object Injection weakness caused by deserialization of untrusted...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors Musico (WordPress theme) versions up to and including 3.2.4 are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-27367, CVSS 6.1). This type of issue is typically exploited by sending a crafted link to a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Bakery Autoresponder Addon (WordPress plugin slug: vc-autoresponder-addon) has a High severity vulnerability (CVSS 7.2, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) identified as CVE-2026-27363. The issue is an unauthenticated stored cross-site...
Recent Comments