by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Product: ElementCamp (slug: element-camp) Severity: Medium (CVSS 6.5 – CVE-2026-2503) This issue affects the ElementCamp WordPress plugin in versions up to and including 2.3.6. The vulnerability is an authenticated (Author+) SQL injection that can be...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Fonts Manager | Custom Fonts (slug: fonts-manager-custom-fonts) is affected by a High severity vulnerability (CVSS 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) tracked as CVE-2026-1800. Because the issue is unauthenticated, an attacker does not...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3353 is a Medium-severity Stored Cross-Site Scripting (XSS) vulnerability (CVSS 4.4) affecting the Comment SPAM Wiper WordPress plugin (comment-spam-wiper) in versions up to and including 1.2.1. The attack path requires an authenticated user...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors High severity (CVSS 8.8) SQL Injection has been reported in CMS Commander – Manage Multiple Sites (WordPress plugin slug: cms-commander-client) affecting versions up to and including 2.288, tracked as CVE-2026-3334. The attack requires an authenticated...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3333 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the MinhNhut Link Gateway WordPress plugin (slug: minhnhut-link-gateway) in versions up to and including 3.6.1. It can be exploited by an authenticated user...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3354 is a Medium-severity stored cross-site scripting (XSS) issue (CVSS 4.4) affecting the Wikilookup WordPress plugin (versions <= 1.1.5). The vulnerable entry point is the plugin’s “Popup Width” setting. This is an authenticated...
Recent Comments