by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25364 is a Medium-severity (CVSS 5.3) missing authorization issue affecting Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress (slug: sprout-invoices) in versions up to and including 20.8.8. Because the weakness can...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors The issue affects the WordPress plugin SureForms – Contact Form, Payment Form & Other Custom Form Builder (slug: sureforms) in versions up to and including 2.2.1. It is rated Medium severity with a CVSS 5.3 score...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25368 is a Medium-severity missing authorization issue (CVSS 4.3) affecting the Calculated Fields Form WordPress plugin (slug: calculated-fields-form) in versions up to and including 5.4.4.1. The primary attack vector is an authenticated user...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-27072 is a High severity vulnerability (CVSS 7.2) affecting the PixelYourSite – Your smart PIXEL (TAG) & API Manager WordPress plugin (pixelyoursite) in versions <= 11.2.0.1. It is an unauthenticated Stored Cross-Site Scripting (XSS)...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Academy LMS – WordPress LMS Plugin for Complete eLearning Solution (slug: academy) is affected by a Medium-severity missing authorization issue (CVE-2026-25372, CVSS 4.3) in versions 3.5.3 and earlier. The primary attack vector is an authenticated user...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-23541 is a medium-severity missing-authorization issue in the Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more WordPress plugin (slug: mail-mint), affecting versions up to and including...
Recent Comments