by Ivan Sorkin | Mar 4, 2026 | Plugins
Attack Vectors CVE-2026-1674 is a Medium severity vulnerability (CVSS 6.5) affecting the WordPress plugin Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder (slug: gutena-forms) in versions 1.6.0 and earlier. The attack...
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors JS Help Desk – AI-Powered Support & Ticketing System (slug: js-support-ticket) version 2.8.2 has a High-severity vulnerability (CVSS 7.5, CVE-2023-7337) that can be exploited over the network without a user logging in. The issue is an...
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors All-in-One Video Gallery (slug: all-in-one-video-gallery) versions 4.7.1 and earlier are affected by a Medium-severity vulnerability (CVSS 6.1, CVE-2026-1706) that can be exploited remotely over the internet. The issue is a Reflected Cross-Site...
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More (slug: envira-gallery-lite) has a Medium-severity vulnerability (CVSS 6.4, CVE-2026-1236) affecting versions up to and including 1.12.3. The issue is an authenticated...
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors WP-Members Membership Plugin (slug: wp-members) versions up to and including 3.5.5.1 contain a medium-severity SQL Injection vulnerability (CVE-2026-2363, CVSS 6.5) that can be exploited by an authenticated user with Contributor-level access or higher....
by Ivan Sorkin | Mar 3, 2026 | Plugins
Attack Vectors Enable Media Replace (slug: enable-media-replace) versions 4.1.7 and earlier have a Medium severity vulnerability (CVE-2026-2732, CVSS 5.4) that can be abused by a logged-in user with Author-level access or higher. In practical terms, this means the...
Recent Comments