by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24942 is a Medium-severity Cross-Site Request Forgery (CSRF) issue affecting Event Booking Manager for WooCommerce (slug: mage-eventpress), specifically WpEvently versions 5.1.1 and earlier. The primary attack vector involves an unauthenticated...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24940 affects the Tourfic Toolkit (travelfic-toolkit) WordPress plugin in versions up to and including 1.3.3, and it is rated Medium severity (CVSS 4.3). The issue can be exploited over the network and does not require user interaction, which...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-24939 affects the WordPress plugin Modula Image Gallery – Photo Grid & Video Gallery (slug: modula-best-grid-gallery) in versions up to and including 2.13.6. This is a Medium severity issue (CVSS 4.3). The primary risk comes from...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2025-68601 affects the Five Star Restaurant Reservations – WordPress Booking Plugin (slug: restaurant-reservations) in versions up to and including 2.7.8, and is rated Medium severity (CVSS 4.3). The issue is a Cross-Site Request Forgery (CSRF)...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Post Slides (slug: post-slides) is reported as vulnerable to Local File Inclusion (LFI) in versions up to and including 1.0.1. The severity is rated High (CVSS 7.5). The advisory title describes this as an authenticated issue requiring at least a...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2025-15030 is a Critical vulnerability (CVSS 9.8) affecting the WordPress plugin User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (slug: profile-builder) in versions up to and including 3.15.1. The...
Recent Comments