by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Media Library Assistant (slug: media-library-assistant) versions 3.33 and earlier have a Medium-severity vulnerability (CVSS 4.3) that can be abused by any authenticated WordPress user with Subscriber-level access or higher. This matters because...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Apocalypse Meow (WordPress plugin) versions 22.1.0 and below contain a Medium-severity SQL Injection vulnerability (CVE-2026-3523, CVSS 4.9) that can be triggered through an AJAX request parameter named type. The key business consideration is that...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors CVE-2026-3034 affects the WordPress plugin OoohBoi Steroids for Elementor (slug: ooohboi-steroids-for-elementor) in versions 2.1.24 and earlier. It is rated Medium severity (CVSS 6.4), and the attacker must already have a WordPress account with...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors CVE-2026-2899 affects the WordPress plugin Fluent Forms Pro Add On Pack (slug: fluentformpro) in versions 6.1.17 and earlier, and is rated Medium severity (CVSS 6.5). The primary attack path is over the public internet via WordPress AJAX endpoints....
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Fluent Forms Pro Add On Pack (slug: fluentformpro) versions 6.1.17 and earlier are affected by a High-severity Stored Cross-Site Scripting (XSS) vulnerability tracked as CVE-2026-2365 (CVSS 7.2). An attacker does not need to be logged in to attempt...
by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors Seraphinite Accelerator (WordPress plugin) has a Medium-severity vulnerability (CVE-2026-3056, CVSS 4.3) that can be exploited by an authenticated user with Subscriber-level access or higher. In practical terms, this means any account that can log...
Recent Comments