by Ivan Sorkin | Mar 9, 2026 | Plugins
CVE-2025-31805 is a Medium-severity (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) Stored Cross-Site Scripting (XSS) vulnerability affecting Gutena Kit – Gutenberg Blocks and Templates (WordPress plugin slug: gutena-kit) in versions <= 2.0.7. It allows an...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Meta Box (slug: meta-box) versions 5.11.1 and earlier contain a High severity vulnerability (CVSS 7.2) identified as CVE-2025-14675. The issue is an authenticated attack, meaning the attacker must already have a valid WordPress account. The documented...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Medium severity (CVSS 6.1) vulnerability CVE-2026-2433 affects the WordPress plugin RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging (slug: wp-rss-aggregator) in versions up to and including 5.0.11. The issue is a DOM-based...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Shortcoder — Create Shortcodes for Anything (slug: shortcoder) is affected by a Medium severity issue (CVSS 6.4) identified as CVE-2026-27074. This is an authenticated Stored Cross-Site Scripting (XSS) vulnerability impacting versions up to and...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors The WordPress plugin Fade Slider (slug: fade-slider) has a Medium severity vulnerability (CVSS 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) affecting versions up to and including 2.5. This issue is a Reflected Cross-Site Scripting (XSS) weakness,...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors High severity vulnerability (CVSS 7.2) affects the WordPress plugin WP App Bar (slug: wp-app-bar) in versions up to and including 1.5. Identified as CVE-2026-1074, this issue allows unauthenticated attackers to inject stored malicious scripts using the...
Recent Comments