by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Builderall for WordPress (slug: builderall-cheetah-for-wp) versions 3.0.1 and below are affected by a High severity vulnerability (CVSS 8.8) that enables authenticated Remote Code Execution. This means an attacker must first have a valid WordPress...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-28135 affects the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (slug: royal-elementor-addons) in versions up to and including 1.7.1049. Rated Medium severity (CVSS 5.3), it can be triggered remotely over...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors High severity vulnerability CVE-2026-28134 affects the JetEngine WordPress plugin (slug: jet-engine) in versions 3.7.2 and earlier. It allows authenticated attackers with Contributor-level access or higher to execute code on the web server (Remote Code...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-28133 is a High-severity vulnerability (CVSS 8.8) affecting the Filr – Secure document library WordPress plugin (slug: filr-protection) in versions <= 1.2.13. The issue is exploitable by an authenticated user with Contributor-level access or...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Lawyer Directory (slug: lawyer-directory) versions up to and including 1.3.2 are affected by a High-severity vulnerability (CVSS 7.2) that allows unauthenticated attackers to inject malicious code into content that your site later serves to visitors....
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Severity: Medium (CVSS 6.1). CVE-2026-28126 affects the RH Frontend Publishing Pro plugin (also known as Frontend Publishing Pro; slug: rh-frontend) in versions up to and including 4.3.2. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability...
Recent Comments