by Ivan Sorkin | Feb 27, 2026 | Plugins
Attack Vectors: Administrator Z (slug: administrator-z) is affected by a medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-32276) in all versions up to, and including, 2025.03.04. The most likely attack path is social engineering: an...
by Ivan Sorkin | Feb 27, 2026 | Plugins
Attack Vectors: MailArchiver (WordPress plugin slug: mailarchiver) is affected by CVE-2026-2831, a Medium severity SQL Injection issue (CVSS 4.9, vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). This vulnerability can be exploited by an authenticated user with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: Electric Enquiries (slug: electric-enquiries) versions <= 1.1 have a medium-severity Stored Cross-Site Scripting (XSS) issue (CVE-2025-14142, CVSS 6.4) that can be exploited by an authenticated user with Contributor-level access or higher. The attack...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2024-10938 (Medium severity, CVSS 6.5) affects the OVRI Payment WordPress plugin (slug: moneytigo) version 1.7.0. The issue involves malicious .htaccess directives shipped inside the plugin, which can influence what code is allowed to run on your...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2026-27440 is a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the WordPress plugin myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program (mycred) in versions up to and including...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2026-27360 is a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 4.4) affecting Photo Gallery by 10Web – Mobile-Friendly Image Gallery (WordPress plugin slug: photo-gallery) in versions up to and including 1.8.38. The attack...