by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: The Bakery Autoresponder Addon plugin (product slug: vc-autoresponder-addon) has a missing authorization (capability) check in versions up to and including 1.0.6. With a Medium severity rating (CVSS 5.3), this issue can allow an unauthenticated attacker...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: The PowerPress Podcasting plugin by Blubrry (slug: powerpress) is affected by a High-severity vulnerability (CVE-2026-23798, CVSS 7.5) in versions up to and including 11.15.10. The issue can be triggered by an authenticated WordPress user with...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2026-27359 is a Medium-severity reflected cross-site scripting (XSS) vulnerability affecting the Awa Plugins WordPress plugin (awa-plugins) in versions 1.4.4 and below. Reflected XSS typically relies on a victim being prompted to interact with a...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors: Architecturer (WordPress theme) versions up to and including 3.8.8 are affected by a Medium-severity issue (CVSS 6.1) tracked as CVE-2026-27358. This is a reflected cross-site scripting (XSS) vulnerability, which typically relies on persuading a person...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2026-23799 is a Medium-severity missing authorization issue in the Tutor LMS – eLearning and online course solution WordPress plugin (slug: tutor), affecting versions up to and including 3.9.5. The primary attack path involves an attacker who...