by Ivan Sorkin | Mar 22, 2026 | Plugins
Attack Vectors CVE-2025-10736 is a Medium-severity vulnerability (CVSS 6.5) affecting the WordPress plugin ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema (slug: reviewx) in versions up to and including 2.2.10. Because this issue can...
by Ivan Sorkin | Mar 22, 2026 | Plugins
Attack Vectors CVE-2026-2580 is a High severity (CVSS 7.5) vulnerability affecting the WordPress plugin WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters (slug: wp-google-map-plugin) in versions up to and including 4.9.1. The...
by Ivan Sorkin | Mar 21, 2026 | Plugins
Attack Vectors CVE-2026-3427 affects the Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin (slug: wordpress-seo) in versions up to and including 27.1.1. It is a Medium severity issue (CVSS 6.4) that requires an attacker to have an authenticated...
by Ivan Sorkin | Mar 21, 2026 | Plugins
Attack Vectors CVE-2026-4314 is a High-severity privilege escalation vulnerability (CVSS 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting The Ultimate WordPress Toolkit – WP Extended (slug: wpextended) in versions up to and including 3.2.4. The...
by Ivan Sorkin | Mar 21, 2026 | Plugins
Attack Vectors CVE-2026-3629 is a High severity (CVSS 8.1) privilege-escalation vulnerability affecting the WordPress plugin Import and export users and customers (slug: import-users-from-csv-with-meta) in versions up to and including 1.29.7. An unauthenticated...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-4373 is a High-severity vulnerability (CVSS 7.5) affecting the JetFormBuilder — Dynamic Blocks Form Builder plugin (slug: jetformbuilder) in versions up to and including 3.5.6.2. An unauthenticated attacker can exploit this issue remotely by...
Recent Comments