by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors Tutor LMS Pro (slug: tutor-pro) versions up to and including 3.9.6 are affected by CVE-2026-22332, a High severity vulnerability (CVSS 7.5; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). This issue is an unauthenticated SQL Injection, meaning an...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors WPAdverts – Classifieds Plugin (slug: wpadverts) is affected by CVE-2026-27092, a Medium-severity issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) in versions <= 2.3.0. The attack requires a valid WordPress login. An...
by Ivan Sorkin | Apr 15, 2026 | Plugins
TS Poll – Survey, Versus Poll, Image Poll, Video Poll (WordPress plugin slug: poll-wp) has a Medium-severity missing authorization issue tracked as CVE-2025-68588. According to the public advisory, versions up to and including 2.5.5 lack a required capability check on...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors The WooReports — Advanced Reporting for WooCommerce (slug: wc-reports-lite) plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-62957) in versions up to and including 1.0.0. The reported severity is Medium (CVSS 4.3). This...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2025-63050 is a Medium-severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) vulnerability affecting the reHub Framework WordPress plugin (slug: rehub-framework) in versions before 19.9.9.7. The attack requires an authenticated WordPress user with...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors Tapfiliate (WordPress plugin) versions up to and including 3.2.2 are affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVE-2025-58689, CVSS 6.4). An attacker must be authenticated and have at least Contributor-level access (or...
Recent Comments