by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors PixTypes (WordPress plugin slug: pixtypes) has a Medium-severity reflected cross-site scripting (XSS) vulnerability affecting versions up to and including 1.4.15 (CVE: CVE-2023-40205, CVSS 6.1). This issue can be exploited by unauthenticated attackers...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2025-12391 affects the WordPress plugin Restrictions for BuddyPress (slug: bp-restrict) in versions up to and including 1.5.2. Because the issue can be triggered without a logged-in user account, an external attacker can reach the vulnerable...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors The WordPress plugin News Element Elementor Blog Magazine (slug: news-element) has a Critical vulnerability (CVSS 9.8, CVE-2024-6459) that can be exploited without authentication in affected versions (up to and including 1.0.5). That means an external...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors The WordPress plugin Easy Voice Mail (slug: easy-voice-mail) is affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVE-2026-1164, CVSS 6.1). The vulnerability is tied to the message parameter and impacts all versions up to and...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-0692 is a High-severity vulnerability (CVSS 7.5) affecting the BlueSnap Payment Gateway for WooCommerce plugin (slug: bluesnap-payment-gateway-for-woocommerce) in versions 3.4.0 and earlier. It enables unauthenticated attackers to submit forged...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors High severity vulnerability (CVSS 7.5) has been identified in the WordPress plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery (slug: new-image-gallery) affecting versions up to and including 1.6.0 (CVE: CVE-2026-22345)....
Recent Comments