by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2025-13067 is a High-severity vulnerability (CVSS 8.8) affecting Royal Addons for Elementor – Addons and Templates Kit for Elementor (slug: royal-elementor-addons) in versions up to and including 1.7.1049. The risk comes from an authenticated...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-3453 is a High-severity (CVSS 8.1) issue affecting Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (plugin slug: wp-user-avatar) in versions 4.16.11 and earlier. An...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors MC4WP: Mailchimp for WordPress (slug: mailchimp-for-wp) is affected by CVE-2026-1781, a Medium severity issue (CVSS 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). In versions up to and including 4.11.1, an attacker can submit a crafted web request...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors Product: RTMKit (WordPress plugin slug: rometheme-for-elementor) Severity: Medium (CVSS 6.1 — CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVE-2025-12473 affects RTMKit versions up to and including 1.6.8. The issue is a reflected cross-site scripting...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-2324 affects the WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events (slug: latepoint-2) in versions 5.2.7 and earlier. It is rated Medium severity (CVSS 6.1). The primary attack path is a Cross-Site Request Forgery...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-2569 is a Medium severity stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer WordPress plugin (slug: 3d-flipbook-dflip-lite) in versions 2.4.20 and below. The attack...
Recent Comments