by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors The vulnerability CVE-2026-27541 affects the WordPress plugin Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices (slug: woocommerce-wholesale-prices) in versions up to and including 2.2.6, and is rated High severity (CVSS 7.2)....
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2025-63052 is a Medium-severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) issue affecting the SimpLy Gallery plugin for WordPress (Mixed Media Gallery Blocks, slug: simply-gallery-block) in versions up to and including 3.3.2.1. The primary attack...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Paid Videochat Turnkey Site – HTML5 PPV Live Webcams (WordPress plugin slug: ppv-live-webcams) has a High-severity privilege escalation vulnerability (CVSS 8.8, CVE: CVE-2025-8899) affecting versions up to and including 7.3.20. The reported attack path...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors W3 Total Cache (WordPress plugin slug: w3-total-cache) has a Critical vulnerability (CVE-2026-27384, CVSS 9.8) that enables unauthenticated remote code execution in versions up to and including 2.9.1. This means an attacker does not need a login to...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors DirectoryPress – Business Directory And Classified Ad Listing (slug: directorypress) versions 3.6.26 and earlier are affected by a Medium-severity missing authorization issue (CVE-2026-27387, CVSS 4.3). The vulnerability allows an attacker who can log...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2025-68029 affects the WordPress plugin Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments (slug: wallet-system-for-woocommerce) in versions 2.7.3 and...
Recent Comments