by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: Mobile App Editor – WordPress to Android App Builder (slug: mobile-app-editor) has a High severity vulnerability (CVSS 7.2, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) tracked as CVE-2026-27067. Because it requires an authenticated user with...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-27054 is a Medium-severity (CVSS 6.1) Reflected Cross-Site Scripting (XSS) issue affecting the Penci Soledad Data Migrator WordPress plugin (penci-data-migrator) in versions up to and including 1.3.1. The primary attack path is social...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-24968 affects the WordPress plugin Xagio SEO – AI Powered SEO (slug: xagio-seo) in versions up to and including 7.1.0.30. Because this is an unauthenticated privilege escalation, an attacker can target a site remotely over the internet without...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: MetForm Pro (slug: metform-pro) versions up to and including 3.9.1 are affected by CVE-2026-24611, rated Medium severity (CVSS 5.3). According to Wordfence, the issue can allow unauthenticated attackers (no login required) to trigger an unauthorized...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2025-15473 affects the WordPress plugin Timetics – Appointment Booking Calendar & Scheduling System (slug: timetics) in versions below 1.0.52. Because the issue can be triggered without logging in (no account required), an external attacker can...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors: CVE-2026-24372 is a Medium-severity vulnerability (CVSS 5.3) affecting the Subscriptions for WooCommerce WordPress plugin (slug: subscriptions-for-woocommerce) in versions up to and including 1.8.10. Because the issue can be triggered by unauthenticated...