by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors myLinksDump (slug: mylinksdump) versions 1.6 and below are affected by a High-severity SQL Injection vulnerability (CVE-2026-2279, CVSS 7.2). The issue is triggered through the sort_by and sort_order parameters, which can be abused to manipulate...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-2427 is a Medium severity (CVSS 6.1) Reflected Cross-Site Scripting (XSS) issue affecting the itsukaita WordPress plugin in versions up to and including 0.1.2. The flaw is triggered through user-supplied input in the day_from and day_to...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors The login_register WordPress plugin (slug: login-register) is affected by CVE-2026-1503 with Medium severity (CVSS 4.3). This issue can be exploited remotely over the internet, but it typically requires user interaction: an attacker must trick an...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-2424 is a medium-severity Stored Cross-Site Scripting (XSS) issue in the Reward Video Ad for WordPress plugin (slug: applixir) affecting versions 1.6 and below. The attack requires an authenticated user with Administrator-level access (or...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Product: Ed’s Font Awesome (slug: eds-font-awesome) Vulnerability: CVE-2026-2496 (Medium severity, CVSS 6.4; vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) This issue affects Ed’s Font Awesome versions 2.0 and earlier. An attacker...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Ed’s Social Share (slug: eds-social-share) has a Medium-severity vulnerability (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) tracked as CVE-2026-2501. The issue affects all versions up to, and including, 2.0. An attacker must be...
Recent Comments