by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Medium severity vulnerability CVE-2025-69343 affects the Theater for WordPress plugin (slug: theatre) in versions <= 0.19. It is a Stored Cross-Site Scripting (XSS) issue that can be exploited by an authenticated user with Subscriber-level access or...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Responsive Lightbox & Gallery (slug: responsive-lightbox) versions prior to 2.6.1 are affected by a High-severity vulnerability (CVSS 7.2) tracked as CVE-2025-15386. The issue is an unauthenticated stored cross-site scripting (XSS) weakness, meaning...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors ListingPro Plugin (slug: listingpro-plugin) versions up to and including 2.9.8 are affected by a Medium-severity reflected cross-site scripting (XSS) issue (CVE-2026-28122, CVSS 6.1). The most common way this type of vulnerability is exploited is...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors The vulnerability in WP Attractive Donations System – Easy Stripe & Paypal donations (versions up to and including 1.25) is a High-severity, unauthenticated SQL Injection (CVE-2026-28115, CVSS 7.5). “Unauthenticated” means an attacker may not...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors AllInOne – Banner Rotator (slug: all-in-one-bannerRotator) versions up to and including 3.8 are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) issue (CVE-2026-28112, CVSS 6.1). In practical terms, an attacker can craft a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-28110 is a Medium severity (CVSS 6.1) Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress plugin LambertGroup – AllInOne – Banner with Playlist (slug: all-in-one-bannerWithPlaylist) in versions up to and...
Recent Comments