by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: The PowerPress Podcasting plugin by Blubrry (slug: powerpress) is affected by a High-severity vulnerability (CVE-2026-23798, CVSS 7.5) in versions up to and including 11.15.10. The issue can be triggered by an authenticated WordPress user with...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2026-27359 is a Medium-severity reflected cross-site scripting (XSS) vulnerability affecting the Awa Plugins WordPress plugin (awa-plugins) in versions 1.4.4 and below. Reflected XSS typically relies on a victim being prompted to interact with a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2026-23799 is a Medium-severity missing authorization issue in the Tutor LMS – eLearning and online course solution WordPress plugin (slug: tutor), affecting versions up to and including 3.9.5. The primary attack path involves an attacker who...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2026-23802 is a High-severity vulnerability (CVSS 7.2) affecting AI Engine – The Chatbot, AI Framework & MCP for WordPress (slug: ai-engine) in versions up to and including 3.3.2. The issue is an authenticated (Editor+) arbitrary file upload,...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: CVE-2025-69338 is a High-severity vulnerability (CVSS 7.5) affecting the Riode Core WordPress plugin (riode-core) versions 1.6.26 and earlier. It is an unauthenticated SQL injection, meaning an attacker may be able to target a vulnerable site over the...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors: The WeDesignTech Ultimate Booking Addon (slug: wedesigntech-ultimate-booking-addon) vulnerability CVE-2025-69340 is rated Medium severity (CVSS 5.3). It stems from a missing authorization (capability) check in versions up to and including 1.0.3, which...