by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-32291 impacts the SUMO Affiliates Pro WordPress plugin (slug: affs) in versions 10.7.0 and below. With a Critical severity rating (CVSS 9.8, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), this issue is especially concerning because it...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-63030 is a medium-severity Cross-Site Request Forgery (CSRF) issue affecting the New User Approve WordPress plugin (slug: new-user-approve) in versions up to and including 3.2.0 (CVSS 4.3). CSRF attacks rely on user interaction: an attacker...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-29012 affects the CF7 7 Mailchimp Add-on WordPress plugin (slug: CF7-mailchimp-addon) in versions <= 2.2. Because the issue can be triggered without logging in and requires no user interaction, any site running a vulnerable version is...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-31640 is a Medium-severity SQL Injection vulnerability (CVSS 6.5, CVE record) affecting the Magic Responsive Slider and Carousel WordPress plugin (slug: magic-carousel) in versions <= 1.4. The key risk factor is that the attack is...
by Ivan Sorkin | Feb 25, 2026 | Plugins
A Medium-severity access-control issue affecting the CSS3 Tooltips for WordPress plugin (slug: css3_tooltips) has been disclosed as CVE-2025-32180. In versions 1.8 and below, a missing authorization (capability) check can allow an authenticated user with...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-68046 affects the WordPress plugin Lead Form Builder & Contact Form (slug: lead-form-builder) in versions up to and including 2.0.1. The issue is rated Medium severity (CVSS 4.3). The key risk factor is that exploitation requires a valid...