by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors: Starto (WordPress theme) versions up to and including 2.1.9 have a Medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-27352, CVSS 6.1). This type of issue is commonly triggered when a user interacts with a crafted URL or...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2026-23802 is a High severity vulnerability (CVSS 7.2) affecting AI Engine – The Chatbot, AI Framework & MCP for WordPress (slug: ai-engine) in versions up to and including 3.3.2. The issue is an authenticated (Editor+) arbitrary file upload,...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2025-69338 is a High-severity vulnerability (CVSS 7.5) affecting the Riode Core WordPress plugin (riode-core) versions 1.6.26 and earlier. It is an unauthenticated SQL injection, meaning an attacker may be able to target a vulnerable site over the...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: The WeDesignTech Ultimate Booking Addon (slug: wedesigntech-ultimate-booking-addon) vulnerability CVE-2025-69340 is rated Medium severity (CVSS 5.3). It stems from a missing authorization (capability) check in versions up to and including 1.0.3, which...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: Builderall for WordPress (slug: builderall-cheetah-for-wp) versions 3.0.1 and below are affected by a High severity vulnerability (CVSS 8.8) that enables authenticated Remote Code Execution. This means an attacker must first have a valid WordPress...