by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Linksy Search and Replace (slug: linksy-search-and-replace) has a High severity vulnerability (CVSS 8.8, CVE-2026-2941) that can be exploited by an authenticated user with Subscriber-level access or higher. That means the risk is most relevant to...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WP-Chatbot for Messenger (slug: wp-chatbot) is affected by CVE-2026-3506, a Medium severity issue (CVSS 5.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Because the vulnerable action is reachable over the network and does not require...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors The Pre* Party Resource Hints WordPress plugin (slug: pre-party-browser-hints) has a Medium-severity vulnerability (CVSS 6.5) tracked as CVE-2026-4087. This issue can be exploited remotely over the internet and requires a user to be logged in with...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation (slug: optin) is affected by a High-severity vulnerability (CVSS 7.2, CVE-2026-4302) that can be exploited without authentication. An attacker can send crafted...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors Product: Scoreboard for HTML5 Games Lite (WordPress plugin). Severity: Medium (CVSS 6.4; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). CVE: CVE-2026-4083. This issue is an authenticated Stored Cross-Site Scripting (XSS) vulnerability that requires an...
by Ivan Sorkin | Mar 20, 2026 | Plugins
Attack Vectors CVE-2026-3572 is a medium-severity vulnerability (CVSS 6.1) affecting the iTracker360 WordPress plugin (slug: itracker) in versions 2.2.0 and below. The issue combines Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting (Stored XSS)...
Recent Comments