by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors Greenshift – animation and page builder blocks has a Medium-severity vulnerability (CVE-2026-2593, CVSS 6.4) affecting versions up to and including 12.8.5. The issue is an authenticated Stored Cross-Site Scripting (XSS) weakness, meaning an attacker...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors # CVE-2026-3459 is a High-severity issue (CVSS 8.1) affecting the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (slug: drag-and-drop-multiple-file-upload-contact-form-7). The vulnerability can be exploited remotely over the...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors High severity vulnerability (CVSS 8.8) in WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation (slug: optin) affects versions up to 1.4.24. The issue (CVE-2026-1720) allows an attacker who can log in with a...
by Ivan Sorkin | Mar 5, 2026 | Plugins
Attack Vectors CVE-2026-2599 is a Critical vulnerability (CVSS 9.8) affecting the WordPress plugin Database for Contact Form 7, WPforms, Elementor forms (slug: contact-form-entries) in versions 1.4.7 and below. It is exploitable by unauthenticated attackers over the...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Membership Plugin – Restrict Content (slug: restrict-content) has a High-severity vulnerability (CVSS 8.1, CVE-2026-1321) that can be exploited without authentication. In practical terms, an outside attacker can attempt to register a new account and...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Page and Post Clone (slug: page-or-post-clone) has a Medium-severity vulnerability (CVSS 6.5) tracked as CVE-2026-2893. The issue affects all versions up to and including 6.3. The primary attack path is through a WordPress user account with at least...
Recent Comments