by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors CVE-2026-28071 is a Medium-severity missing authorization issue (CVSS 4.3) affecting the Pixfort Core WordPress plugin (pixfort-core) in versions up to and including 3.2.22. Because the affected function lacks a proper capability (permission) check, an...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors pixfort-core (pixfort Core) versions 3.2.22 and earlier are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-28072, CVSS 6.1). This type of issue is commonly exploited through social engineering: an attacker...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors Wp EMember (slug: wp-emember) is affected by a Medium-severity reflected cross-site scripting (XSS) vulnerability in versions up to and including v10.2.2 (CVE-2026-28073, CVSS 6.1). This issue can be exploited by an unauthenticated attacker over the...
by Ivan Sorkin | Mar 12, 2026 | Plugins
CVE-2026-28038 is a medium-severity authorization issue (CVSS 4.3) affecting Ultimate Addons for WPBakery Page Builder (slug: Ultimate_VC_Addons) in versions up to and including 3.21.1. According to the published advisory, the plugin lacks a required capability check...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors EventON (Pro) – WordPress Virtual Event Calendar Plugin (slug: eventon) is affected by a Medium-severity vulnerability (CVSS 6.1, CVE-2026-28037) that enables Reflected Cross-Site Scripting (XSS) in versions up to and including 4.9.12. This attack...
by Ivan Sorkin | Mar 12, 2026 | Plugins
Attack Vectors Super Stage WP (slug: super-stage-wp) versions up to and including 1.0.1 are affected by CVE-2026-1542, rated High severity (CVSS 8.1). The reported issue is unauthenticated, meaning an external attacker does not need a login to attempt exploitation...
Recent Comments