by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27368 affects the WordPress plugin Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode (slug: coming-soon) in versions up to and including 6.19.8. The issue is rated Medium severity (CVSS 5.3)....
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Page Builder Gutenberg Blocks – CoBlocks (slug: coblocks) versions up to and including 3.1.16 are affected by a medium-severity stored cross-site scripting (XSS) issue (CVE-2026-27094, CVSS 6.4). The primary attack path requires a user to already be...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27074 is a Medium-severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) vulnerability affecting Shortcoder — Create Shortcodes for Anything (WordPress plugin slug: shortcoder) in versions <= 6.5.1. The issue can be exploited by an...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27090 is a Medium severity Cross-Site Request Forgery (CSRF) issue affecting Kenta Companion (WordPress plugin) in versions up to and including 1.3.3 (CVSS 4.3; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). The primary attack path is...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The vulnerability CVE-2026-27066 affects the WordPress plugin Live sales notification for WooCommerce (slug: live-sales-notifications-for-woocommerce) in versions up to and including 2.3.46. Because the issue is remotely reachable and does not require a...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27059 is a Medium-severity vulnerability (CVSS 6.4) affecting the Penci Recipe WordPress plugin (penci-recipe) in versions up to and including 4.1. It is an authenticated issue, meaning an attacker must be logged in with at least Contributor...
Recent Comments