by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors Job Postings (WordPress plugin) versions 2.8 and earlier are affected by CVE-2026-23806, rated Medium severity with a CVSS score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). The issue can be reached over the network and does not require a...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-22448 is a Critical vulnerability (CVSS 9.1) affecting the PitchPrint WordPress plugin (slug: pitchprint) in versions up to and including 11.1.2. Because it is unauthenticated, an attacker does not need a login or employee interaction to...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-24964 is a Medium-severity (CVSS 6.4) Server-Side Request Forgery (SSRF) vulnerability affecting the WordPress plugin Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe (slug: contest-gallery) in versions <=...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors Darna Framework (WordPress plugin slug: darna-framework) versions up to and including 2.9 are affected by a Medium-severity vulnerability: Reflected Cross-Site Scripting (XSS) (CVE: CVE-2026-27088, CVSS 6.1, vector...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors Wolverine Framework (WordPress plugin slug: wolverine-framework) versions <= 1.9 are affected by a Medium-severity reflected Cross-Site Scripting (XSS) vulnerability (CVSS 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) tracked as...
by Ivan Sorkin | Mar 19, 2026 | Plugins
Attack Vectors CVE-2026-24364 is a medium-severity missing-authorization issue (CVSS 4.3) affecting User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (WordPress plugin slug: wp-user-frontend) in versions up to and...
Recent Comments