by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Comment Genius (WordPress plugin slug: comment-genius) versions up to and including 1.2.5 are affected by CVE-2026-1647, a medium-severity reflected cross-site scripting (XSS) issue (CVSS 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). This is a...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WP NG Weather (slug: wp-ng-weather) is affected by a Medium-severity vulnerability (CVSS 6.4) tracked as CVE-2026-1822. The issue is a Stored Cross-Site Scripting (XSS) vulnerability that can be triggered through the plugin’s ng-weather shortcode when...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-1806 is a Medium severity stored cross-site scripting (XSS) issue (CVSS 6.4) affecting the Tour & Activity Operator Plugin for TourCMS (WordPress slug: tour-operator-plugin) in versions <= 1.7.0. The vulnerability is reachable over the...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-1935 is a Medium severity vulnerability (CVSS 4.3) affecting the WordPress plugin Company Posts for LinkedIn (slug: company-posts-for-linkedin) in versions <= 1.0.0. The issue is a missing authorization check that allows an authenticated...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-1253 is a Medium-severity authorization issue (CVSS 5.3) affecting Group Chat & Video Chat by AtomChat (slug: atomchat) versions up to and including 1.1.7. The risk is triggered when an attacker can authenticate to your WordPress site with...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors rexCrawler (slug: rexcrawler) versions up to and including 1.0.15 are affected by a Medium-severity reflected cross-site scripting (XSS) issue (CVSS 6.1; CVE-2026-2277). The vulnerable entry point is the plugin’s search-pattern tester page, where the...
Recent Comments