WooCommerce Vulnerability (Medium) – CVE-2026-3589

by | Mar 19, 2026 | Plugins

Attack Vectors CVE-2026-3589 is a medium-severity Cross-Site Request Forgery (CSRF) issue affecting the WooCommerce WordPress plugin (versions earlier than 10.5.3). It can be exploited by an unauthenticated attacker if they can trick a logged-in site administrator...

Ultra Admin Vulnerability (Medium) – CVE-2026-22523

by | Mar 19, 2026 | Plugins

Attack Vectors The Ultra WordPress Admin plugin (Ultra Admin, slug: ultra-admin) is affected by a Medium-severity vulnerability (CVSS 6.1) identified as CVE-2026-22523. It is a Reflected Cross-Site Scripting (XSS) issue impacting versions up to and including 11.7....

legacy-admin Vulnerability (Medium) – CVE-2026-22524

by | Mar 19, 2026 | Plugins

Attack Vectors Legacy Admin (WordPress plugin slug: legacy-admin) is affected by a Medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVSS 6.1; UI:R) in versions up to and including 9.5, tracked as CVE-2026-22524. The most common attack path is a...