by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Consensus Embed (slug: consensus-embed) has a Medium severity vulnerability (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) tracked as CVE-2026-1823. The issue is a stored cross-site scripting (XSS) risk triggered through the plugin’s consensus...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors The vulnerability (CVE-2026-1820) affects the WordPress plugin Media Library Alt Text Editor (slug: media-library-alt-text-editor) in versions up to and including 1.0.0. It is rated Medium severity (CVSS 6.4). An attacker needs a valid WordPress account...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Medium severity vulnerability (CVSS 4.3) affects The Guardian News Feed WordPress plugin (slug: the-guardian-news-feed) in versions 1.2 and below. The issue is a Cross-Site Request Forgery (CSRF) that targets the plugin’s settings update action. In...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors The WordPress plugin MyQtip – easy qTip2 (slug: myqtip-easy-qtip2) has a Medium-severity vulnerability (CVSS 6.4, CVE-2026-1574) that can be exploited by an authenticated user with Contributor-level access or higher. An attacker can place malicious...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-1569 affects the WordPress plugin Wueen (slug: wueen) in versions up to and including 0.2.0. The issue is a Medium severity Stored Cross-Site Scripting (XSS) risk (CVSS 6.4) that can be exploited by an authenticated user with Contributor-level...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2025-68018 affects the WordPress plugin “Order Notification for WooCommerce – Get Audio Alert on new Orders” (slug: woc-order-alert), also known as “Order Listener for WooCommerce,” in versions up to and including 3.6.1. The issue is a missing...
Recent Comments