Attack Vectors CVE-2026-27046 affects StoreCustomizer – A plugin to Customize all WooCommerce Pages (slug: woocustomizer) in versions <= 2.6.3. This is a Medium severity issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The attack scenario...
Our Blog
Helping Businesses Run Better Websites — One Article at a Time
Grand Wedding WordPress Vulnerability (High) – CVE-2026-22417
Attack Vectors CVE-2026-22417 is a High-severity vulnerability (CVSS 8.1) affecting the Grand Wedding WordPress theme (slug: grandwedding) in versions below 3.1.11. The issue can be triggered remotely over the network and does not require a user to be logged in,...
WP CTA – Call Now Button, Sticky Button & Call to Action Builder Vu…
Attack Vectors CVE-2026-22459 is a Medium-severity vulnerability (CVSS 5.3) affecting the WP CTA – Call Now Button, Sticky Button & Call to Action Builder plugin (also marketed as “WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales”) in versions up to and...
Starto | Software AI Startup WordPress Vulnerability (Medium) – CVE…
Attack Vectors Starto (WordPress theme) versions below 2.2.5 are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) issue tracked as CVE-2026-27352 (CVSS 6.1). This vulnerability can be exploited by an unauthenticated attacker by getting a user (for...
Architecturer WordPress for Interior Designer Vulnerability (Medium…
Attack Vectors Architecturer (WordPress theme, slug: architecturer) versions earlier than 3.9.5 are affected by a Medium-severity reflected cross-site scripting (XSS) issue (CVE-2026-27358, CVSS 6.1; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). This...
Music WordPress Vulnerability (Medium) – CVE-2026-27367
Attack Vectors The Musico WordPress theme (slug: musico) is affected by a Medium severity reflected cross-site scripting (XSS) vulnerability (CVE-2026-27367, CVSS 6.1). In practical terms, an attacker can attempt to inject malicious script into a page response by...
WPFore Subscribers