by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors CVE-2026-3228 is a Medium-severity issue (CVSS 6.4) affecting the NextScripts: Social Networks Auto-Poster WordPress plugin (slug: social-networks-auto-poster-facebook-twitter-g) in versions 4.4.6 and earlier. The vulnerability is an authenticated...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors Unlimited Elements For Elementor (slug: unlimited-elements-for-elementor) is affected by a High-severity vulnerability (CVE-2026-2724, CVSS 7.2) that can be exploited without authentication. An attacker can submit specially crafted content through the...
by Ivan Sorkin | Mar 10, 2026 | Plugins
Attack Vectors MetForm Pro (slug: metform-pro) is affected by a High-severity vulnerability that allows unauthenticated stored cross-site scripting (Stored XSS) through the plugin’s Quiz feature in versions 3.9.6 and earlier. Because no login is required, an attacker...
by Ivan Sorkin | Mar 9, 2026 | Plugins
Attack Vectors Tutor LMS Pro (slug: tutor-pro) is affected by CVE-2026-0953, a Critical authentication bypass vulnerability (CVSS 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) impacting all versions up to and including 3.9.5 when the Social Login add-on is...
by Ivan Sorkin | Mar 9, 2026 | Plugins
Attack Vectors The Events Calendar plugin for WordPress (slug: the-events-calendar) has a High severity vulnerability (CVSS 7.5) identified as CVE-2026-3585. According to the published advisory, the issue can be exploited by an authenticated attacker with Author-level...
by Ivan Sorkin | Mar 9, 2026 | Plugins
Attack Vectors Time Sheets (WordPress plugin slug: time-sheets) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-10055, CVE record). The published score is CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). CSRF is most...
Recent Comments