by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors
The Community Events WordPress plugin (slug: community-events) has a Medium-severity SQL Injection vulnerability (CVE-2026-2429) affecting versions up to and including 1.5.8. The vulnerable entry point is a venue-related CSV import workflow, where the...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors
High severity (CVSS 7.5) vulnerability CVE-2026-2020 affects the JS Archive List WordPress plugin (slug: jquery-archive-list-widget) in versions 6.1.7 and below. The issue can be exploited by an authenticated user with Contributor-level access or...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors
In ProfileGrid – User Profiles, Groups and Communities (slug: profilegrid-user-profiles-groups-and-communities), versions up to and including 5.9.8.1 contain a Medium-severity authorization gap (CVE-2026-2488, CVSS 4.3). This weakness can be abused by...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors
CVE-2026-2494 is a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin ProfileGrid – User Profiles, Groups and Communities (slug: profilegrid-user-profiles-groups-and-communities) affecting versions up to and...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors
CM Custom Reports – Flexible reporting to track what matters most (slug: cm-custom-reports) has a Medium-severity vulnerability (CVSS 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) identified as CVE-2026-2431. It is a Reflected Cross-Site Scripting...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors
CVE-2026-2722 is a Medium-severity (CVSS 4.8) Stored Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin Stock Ticker (slug: stock-ticker) in versions up to and including 3.26.1. The attack occurs through administrator settings where...