by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24965 is a Medium-severity authorization issue affecting the WordPress plugin Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe (slug: contest-gallery) in versions up to and including 28.1.1. The key risk is that...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Strong Testimonials (slug: strong-testimonials) versions up to 3.2.20 are affected by a Medium-severity missing authorization issue (CVSS 4.3) tracked as CVE-2026-24957. The primary attack path is through an authenticated user account with...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors High severity vulnerability (CVSS 7.5) identified as CVE-2026-24954 affects Event Booking Manager for WooCommerce (WordPress plugin slug: mage-eventpress) in versions up to and including 5.0.8. The issue is described as an Authenticated (Contributor+)...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program (slug: mycred) is affected by a Medium-severity vulnerability (CVSS 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) tracked as CVE-2026-24951. The issue enables...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24947 is a Medium severity issue affecting the WordPress plugin LA-Studio Element Kit for Elementor (slug: lastudio-element-kit) in versions earlier than 1.5.6.3. The vulnerability is described as a missing authorization (capability) check on a...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24945 affects the WordPress plugin Ultra Addons for Contact Form 7 (slug: ultimate-addons-for-contact-form-7) in versions up to and including 3.5.34. The issue is categorized as a missing authorization (“missing capability check”), which means...
Recent Comments