by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-3352 is a High-severity vulnerability (CVSS 7.2) affecting the Easy PHP Settings WordPress plugin (slug: easy-php-settings) in versions 1.0.4 and earlier. The attack requires an authenticated WordPress account with Administrator-level access...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Hammas Calendar (slug: hammas-calendar) has a Medium severity vulnerability (CVSS 6.4) identified as CVE-2026-1902. It affects versions up to and including 1.5.11. The issue can be exploited by an authenticated user with Contributor-level access or...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors CVE-2026-1644 is a Medium-severity Cross-Site Request Forgery (CSRF) issue affecting the WP Frontend Profile WordPress plugin (wp-front-end-profile) in versions 1.3.8 and below. In practical terms, an attacker does not need to log in to your site to...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors Greenshift – animation and page builder blocks (slug: greenshift-animation-and-page-builder-blocks) has a Medium severity issue (CVSS 5.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) that can be exploited over the internet without requiring a...
by Ivan Sorkin | Mar 6, 2026 | Plugins
Attack Vectors HUMN-1 AI Website Scanner & Human Certification by Winston AI (WordPress plugin slug: winston-ai-wp) has a Medium severity vulnerability (CVSS 4.3, CVE-2026-1981) affecting versions 0.0.3 and earlier. The issue can be triggered by an authenticated...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-2830 is a Medium severity vulnerability (CVSS 6.1) affecting the WordPress plugin WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets (slug: wp-all-import) in versions up to and including 4.0.0. The issue is a...
Recent Comments