by Ivan Sorkin | Mar 20, 2026 | Plugins
CVE-2026-3335 is a Medium-severity vulnerability (CVSS 5.3) affecting the Canto WordPress plugin in versions up to and including 3.1.1. The issue allows unauthenticated file upload due to missing authorization controls in a directly accessible plugin file. Details are...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: CVE-2026-1899 is a Medium-severity vulnerability (CVSS 6.4) affecting the Any Post Slider WordPress plugin (slug: any-post-slider) in versions 1.0.4 and earlier. It enables an authenticated attacker with Contributor-level access (or higher) to plant a...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: Multi Functional Flexi Lightbox (slug: multi-functional-flexi-lightbox) versions up to and including 1.2 are affected by a Medium-severity stored cross-site scripting (XSS) issue (CVSS 5.5; CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N) tracked as...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: CVE-2026-3332 is a Medium-severity (CVSS 4.3) Cross-Site Request Forgery (CSRF) issue affecting the WordPress plugin Xhanch – My Advanced Settings (xhanch-my-advanced-settings) in all versions up to and including 1.1.2. An attacker does not need an...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: Lobot Slider Administrator (slug: lobot-slider-administrator) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) issue in versions up to and including 0.6.0 (CVE-2026-3331; CVSS 4.3). The practical attack path is social: an attacker can...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors: CVE-2026-1886 affects the Go Night Pro | WordPress Dark Mode Plugin (slug: go-night-pro) in versions 1.1.0 and below. This is a Medium-severity issue (CVSS 6.4) that can be exploited by an authenticated user with Contributor-level access or higher. The...