by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27353 is a Medium-severity reflected cross-site scripting (XSS) issue affecting the Grand News WordPress theme (grandnews) in versions up to and including 3.4.3 (CVSS 6.1). Reflected XSS commonly occurs when a website includes user-supplied...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors Photography (slug: photography-2) for WordPress is affected by a High-severity vulnerability (CVSS 7.2, CVE-2026-27348) that allows unauthenticated stored cross-site scripting (XSS) in versions up to and including 7.6.1. In business terms, this means an...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Scientific and Interactive Blocks – inseri core (WordPress plugin slug: inseri-core) versions up to and including 1.0.5 have a Medium severity issue (CVSS 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) tracked as CVE-2026-27344. The core risk...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Medium severity vulnerability CVE-2025-69343 affects the Theater for WordPress plugin (slug: theatre) in versions <= 0.19. It is a Stored Cross-Site Scripting (XSS) issue that can be exploited by an authenticated user with Subscriber-level access or...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Responsive Lightbox & Gallery (slug: responsive-lightbox) versions prior to 2.6.1 are affected by a High-severity vulnerability (CVSS 7.2) tracked as CVE-2025-15386. The issue is an unauthenticated stored cross-site scripting (XSS) weakness, meaning...
Recent Comments