by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors WP YouTube Lyte (slug: wp-youtube-lyte) versions 1.7.29 and below are affected by a Medium-severity Stored Cross-Site Scripting issue (CVE-2026-3299, CVSS 6.4). The vulnerability is triggered through the plugin’s “lyte” shortcode, where certain...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-4880 is a Critical vulnerability (CVSS 9.8, CVE record) affecting the WordPress plugin Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) (slug:...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors This Medium-severity vulnerability (CVSS 4.3) affects the WordPress plugin “Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress” (slug: wp-user-avatar) in versions up to and including...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors CVE-2026-1852 affects the Product Pricing Table by WooBeWoo WordPress plugin (slug: woo-product-pricing-tables) in versions up to and including 1.1.0. This is a Medium severity issue (CVSS 6.1). The primary attack path is Cross-Site Request Forgery...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors MetForm Pro (slug: metform-pro) versions 3.9.7 and earlier are affected by CVE-2026-1782 (severity: Medium, CVSS 5.3). The issue can be exploited by an unauthenticated attacker (no login required) when your site uses a MetForm Pro form configured with...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors Visa Acceptance Solutions for WordPress (versions <= 2.1.0) has a Critical authentication bypass vulnerability tracked as CVE-2026-3461 (CVSS 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Because it is exploitable over the network with no login...
Recent Comments