by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors: CVE-2026-4331 affects the WordPress plugin Blog2Social: Social Media Auto Post & Scheduler (slug: blog2social) in versions <= 8.8.2. It is rated Medium severity (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The primary attack...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors: CVE-2026-4075 is a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 6.4) affecting BWL Advanced FAQ Manager Lite (slug: bwl-advanced-faq-manager-lite) in versions up to and including 1.1.1. The most realistic attack path requires an...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors: Frontend Admin by DynamiApps (WordPress plugin slug: acf-frontend-form-element) is affected by a High-severity vulnerability (CVE-2026-3328, CVSS 7.2) in versions up to and including 3.28.31. The attack requires an authenticated WordPress account with...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors: CVE-2026-1986 is a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) vulnerability affecting FloristPress for Woo – Customize your eCommerce store for your Florist (slug: bakkbone-florist-companion) in versions up to and including 7.8.2....
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors: CVE-2026-4335 is a Medium-severity (CVSS 5.4) stored cross-site scripting (XSS) issue affecting ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF (slug: shortpixel-image-optimiser) in versions 6.4.3 and below. The attack requires an...
by Ivan Sorkin | Mar 25, 2026 | Plugins
Attack Vectors: Masteriyo LMS – Online Course Builder for eLearning, LMS & Education (slug: learning-management-system) is affected by a Critical privilege escalation vulnerability (CVE-2026-4484) in versions 2.1.6 and below. The issue allows an authenticated user...