by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors CVE-2026-25399 affects the Serious Slider WordPress plugin (slug: cryout-serious-slider) in versions up to and including 1.2.7. The issue is a missing authorization (capability) check on a plugin function, which can allow an attacker who already has a...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors CVE-2025-68048 affects the WordPress plugin NextMove Lite – Thank You Page for WooCommerce (slug: woo-thank-you-page-nextmove-lite) in versions up to and including 2.23.0. With a Medium severity rating (CVSS 5.3), the key concern is that an attacker...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart (slug: lazytasks-project-task-management) has a Critical vulnerability (CVSS 9.8) that can be exploited remotely over the internet without any user login. In practical...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors CVE-2025-68072 affects the Easy Property Listings WordPress plugin (slug: easy-property-listings) in versions up to and including 3.5.20. With a Medium severity rating (CVSS 5.3), the primary concern is that an attacker can act without logging in....
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors NextMove Lite – Thank You Page for WooCommerce (slug: woo-thank-you-page-nextmove-lite) versions 2.23.0 and below contain a Medium severity issue (CVSS 5.3) that can be exploited over the network with no login required and no user interaction required...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors CVE-2026-24619 affects the PopCash.Net Code Integration Tool (WordPress plugin) in versions up to and including 1.8. The issue is rated Medium severity (CVSS 5.3). Because the CVSS vector indicates no privileges required and no user interaction...
Recent Comments