by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors JetBooking (WordPress plugin slug: jet-booking) has a High-severity vulnerability (CVSS 7.5) that can be exploited without authentication. According to the disclosed advisory, attackers can target the public-facing functionality that accepts the...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters (slug: wp-google-map-plugin) versions up to and including 4.9.1 are affected by CVE-2026-3222, a High severity issue (CVSS 7.5, vector:...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-2707 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting weForms – Easy Drag & Drop Contact Form Builder For WordPress (slug: weforms) in versions up to and including 1.6.27. The primary attack path is through...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors WP ULike – Like & Dislike Buttons for Engagement and Feedback (slug: wp-ulike) is affected by a Medium-severity vulnerability (CVSS 6.4) tracked as CVE-2026-2358. The issue can be exploited by an authenticated user with Contributor-level access (or...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors LearnDash LMS (WordPress plugin slug: sfwd-lms) has a Medium-severity vulnerability (CVE-2024-1210, CVSS 5.3) that can be exploited over the internet by an unauthenticated attacker. The issue is tied to how certain content is exposed via the plugin’s...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-2413 is a High severity (CVSS 7.5) SQL Injection vulnerability affecting the WordPress plugin Ally – Web Accessibility & Usability (slug: pojo-accessibility) in versions up to and including 4.0.3. The key business risk is that the attack...
Recent Comments