by Ivan Sorkin | Apr 15, 2026 | Uncategorized
Attack Vectors Custom 404 Pro (slug: custom-404-pro) is affected by CVE-2025-62880, a Medium-severity Cross-Site Request Forgery (CSRF) issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). This type of vulnerability is typically exploited through...
by Ivan Sorkin | Apr 14, 2026 | Uncategorized
Attack Vectors CVE-2025-68069 is a Medium-severity missing authorization issue affecting the Directorist: AI-Powered Business Directory, Listings & Classified Ads plugin (slug: directorist) in versions up to and including 8.6.6. Because the problem involves a...
by Ivan Sorkin | Apr 14, 2026 | Uncategorized
Vulnerability: CVE-2026-24636 (Medium severity, CVSS 4.3) impacts Sugar Calendar (Lite) – Events Calendar, Event Tickets, and Events Management Platform (slug: sugar-calendar-lite) in versions up to and including 3.9.1. The issue is a missing authorization check that...
by Ivan Sorkin | Apr 14, 2026 | Uncategorized
Attack Vectors Product affected: Test Plugin (test-plugin) Severity: Medium (CVSS 5.5; CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N) This vulnerability (CVE-0000-0001) can be reached over the network and does not require user interaction, meaning it may be exploitable...
by Ivan Sorkin | Apr 14, 2026 | Uncategorized
Attack Vectors Test Plugin (slug: test-plugin) has a Medium severity vulnerability (CVSS 5.5) tracked as CVE-0000-0001. Based on the published CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N), the most likely path to exploitation is remote access over the...
by Ivan Sorkin | Feb 26, 2026 | Uncategorized
Attack Vectors CVE-2025-60148 affects the Subscribe to Download WordPress plugin (slug: subscribe-to-download) in versions up to and including 2.0.9. The issue is rated Medium severity (CVSS 4.3). The primary attack path is through a logged-in WordPress account. An...
Recent Comments