by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-32458 is a Medium-severity (CVSS 4.9) SQL Injection vulnerability affecting WOLF – WordPress Posts Bulk Editor and Manager Professional (slug: bulk-editor) in versions <= 1.0.8.7. The attack requires an authenticated WordPress user with...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors Website LLMs.txt (slug: website-llms-txt) versions 8.2.6 and earlier are affected by a Medium-severity reflected cross-site scripting (XSS) issue (CVE-2026-27068, CVSS 6.1). The most likely attack path is social engineering: an unauthenticated attacker...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-2687 is a Medium severity Stored Cross-Site Scripting (XSS) issue (CVSS 4.4: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N) affecting the Reading progressbar WordPress plugin (slug: reading-progress-bar) in versions up to 1.3.1. The attack...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-32459 is a medium-severity SQL Injection vulnerability (CVSS 4.9) affecting the UpsellWP – WooCommerce Upsell and Related Products Offers plugin (slug: checkout-upsell-and-order-bumps) in versions 2.2.4 and below. The issue is not a public,...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors Ultra Addons for Contact Form 7 (slug: ultimate-addons-for-contact-form-7) is affected by an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to and including 3.5.36 (CVE: CVE-2026-32460). The severity is rated...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-27046 is a Medium-severity authorization issue affecting StoreCustomizer – A plugin to Customize all WooCommerce Pages (slug: woocustomizer) in versions <= 2.6.3. The vulnerability can be exploited remotely over the network (CVSS 4.3;...
Recent Comments