by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-22459 is a Medium-severity vulnerability (CVSS 5.3) affecting the WP CTA – Call Now Button, Sticky Button & Call to Action Builder plugin (also marketed as “WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales”) in versions up to and...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors Profile Builder Pro versions before 3.14.0 are affected by a High-severity vulnerability (CVE-2026-27413, CVSS 7.5) that can be exploited without authentication. In practical terms, this means an external attacker can target a vulnerable website over...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2025-52753 is a medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) issue affecting the WordPress plugin Contact Form by Supsystic (slug: contact-form-by-supsystic) in versions up to and including 1.7.36. The attack is typically...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-24555 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting the ArtPlacer Widget WordPress plugin (slug: artplacer-widget) in versions up to and including 2.23.2. The vulnerability can be exploited by an authenticated user with...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-24571 is a Medium-severity authorization issue (CVSS 4.3) affecting the BOX NOW Delivery WordPress plugin (box-now-delivery) in versions up to and including 3.0.2. The risk is triggered when an attacker already has a valid login (for example, a...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2025-68020 affects the WANotifier / Notifications for Forms & WordPress Actions plugin (slug: notifier) in versions up to and including 2.7.13. The issue is a missing authorization (capability) check, which means an attacker does not need an...
Recent Comments