by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors W3 Total Cache (WordPress plugin, slug w3-total-cache) has a Critical vulnerability (CVE-2026-27384) that can allow unauthenticated arbitrary code execution in versions 2.9.1 and earlier. In practical business terms, this means an attacker may be able...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors The vulnerability CVE-2026-27379 affects the WordPress plugin NextScripts: Social Networks Auto-Poster (slug: social-networks-auto-poster-facebook-twitter-g) in versions up to and including 4.4.7. It is rated High severity (CVSS 7.5). The primary attack...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-27374 affects the WooCommerce Order Details plugin (woocommerce-order-details) for WordPress, with a Medium severity rating (CVSS 5.3). The reported issue is a missing authorization (capability) check in versions up to and including 3.1. From a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Medium severity (CVSS 5.3) information exposure issues are often exploited quietly because they do not require malware or complex steps—just the ability to reach a vulnerable site. In Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Bakery Autoresponder Addon (WordPress plugin slug: vc-autoresponder-addon) has a High severity vulnerability (CVSS 7.2, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) identified as CVE-2026-27363. The issue is an unauthenticated stored cross-site...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors The Bakery Autoresponder Addon plugin (product slug: vc-autoresponder-addon) has a missing authorization (capability) check in versions up to and including 1.0.6. With a Medium severity rating (CVSS 5.3), this issue can allow an unauthenticated attacker...
Recent Comments