by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: Broken Link Notifier (slug: broken-link-notifier) has a Medium severity vulnerability (CVSS 5.3) identified as CVE-2026-25408. The issue affects versions up to and including 1.3.5. Because the vulnerability involves missing authorization (a missing...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: Frontend Admin by DynamiApps (WordPress plugin slug: acf-frontend-form-element) has a Critical privilege escalation vulnerability (CVSS 9.8) tracked as CVE-2025-14736. The primary attack path is straightforward: if an attacker can reach a user...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: CVE-2026-1306 affects the midi-Synth WordPress plugin (slug: midi-synth) in versions 1.1.0 and below, and it is rated Critical (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The primary attack path is the plugin’s “export” AJAX action, where...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: CVE-2026-1650 affects the MDJM Event Management WordPress plugin (slug: mobile-dj-manager) in versions up to and including 1.7.8.1. The severity is Medium (CVSS 5.3), and it can be exploited over the network with no login required...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: MailArchiver (slug: mailarchiver) versions 4.4.0 and earlier are affected by a Medium-severity stored cross-site scripting (XSS) issue (CVSS 4.8). The attack requires an authenticated user with Administrator-level permissions or higher to enter a...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors: ZIP Code Based Content Protection (slug: zip-code-based-content-protection) versions 1.0.2 and earlier contain a High-severity SQL injection vulnerability (CVE-2025-14353, CVSS 7.5). The issue is exposed through the publicly reachable “zipcode” input,...