by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors Add Custom Codes – Insert Header, Footer, Custom PHP Snippets, CSS, Javascript (slug: add-custom-codes) versions 4.80 and below contain a medium-severity Cross-Site Request Forgery (CSRF) issue tracked as CVE-2025-62739 (CVSS 4.3). This attack does not...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors CVE-2025-58001 is a Medium severity vulnerability (CVSS 6.4) affecting the Compact Archives WordPress plugin (compact-archives) in versions 4.1.0 and below. It is an authenticated Stored Cross-Site Scripting (XSS) issue, meaning an attacker must have a...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors Bonus for Woo (slug: bonus-for-woo) versions up to and including 7.6.6 are affected by an insufficient input validation issue (CVE-2025-58835) with a Medium severity rating (CVSS 5.3). Based on the published scoring vector (AV:N/AC:L/PR:N/UI:N), the...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors CVE-2025-39493 affects the Rankie – WordPress Rank Tracker Plugin (slug: valvepress-rankie) in versions prior to 1.8.2. The issue is a missing authorization (capability) check on a plugin function, which means an attacker who can log in as a...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors ValidateCertify Free (slug: validar-certificados-de-cursos) versions up to and including 1.6.4 are affected by a Cross-Site Request Forgery (CSRF) vulnerability (Medium severity; CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N;...
by Ivan Sorkin | Mar 18, 2026 | Plugins
Attack Vectors Starfish Review Generation & Marketing for WordPress (slug: starfish-reviews) versions up to and including 3.1.19 contain a High severity vulnerability (CVSS 8.8) tracked as CVE-2025-39533. The primary attack path is straightforward for an...
Recent Comments