by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors The WordPress plugin LambertGroup – AllInOne – Content Slider (slug: all-in-one-contentSlider) is affected by a Medium-severity vulnerability (CVSS 6.1) identified as CVE-2026-28109. The issue is a reflected cross-site scripting (XSS)...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors LambertGroup – AllInOne – Banner with Thumbnails (slug: all-in-one-thumbnailsBanner) is affected by a Medium-severity reflected cross-site scripting (XSS) issue (CVSS 6.1, CVE-2026-28108). In practical terms, an attacker can craft a link...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Site Suggest (WordPress plugin slug: site-suggest) versions up to and including 1.3.9 are affected by a Medium-severity issue (CVSS 5.3) identified as CVE-2026-28104. The core concern is that an attacker does not need to be logged in to reach a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-28103 is a Medium severity (CVSS 6.1) Reflected Cross-Site Scripting (XSS) issue affecting the Responsive Zoom In/Out Slider WordPress Plugin (slug: lbg_zoominoutslider) in versions up to and including 5.4.5. The most likely attack path is...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales (slug: easy-sticky-sidebar) has a Medium-severity missing authorization issue (CVE-2026-22459, CVSS 5.3) affecting versions up to and including 1.7.4. Because the vulnerable function lacks a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Greenshift – animation and page builder blocks (slug: greenshift-animation-and-page-builder-blocks) has a Medium-severity issue (CVE-2026-2589, CVSS 5.3) affecting versions 12.8.3 and earlier. The risk comes from an automated Settings Backup that is...
Recent Comments