by Ivan Sorkin | Apr 14, 2026 | Plugins
Medium-severity vulnerability CVE-2026-27071 (CVSS 5.3) affects the WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System WordPress plugin (wp-cafe) in versions up to and including 3.0.7. It is described as a “missing authorization” issue that can...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors CVE-2025-68600 is a Medium-severity Server-Side Request Forgery (SSRF) vulnerability (CVSS 6.4, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) affecting the Link Library WordPress plugin (link-library) in versions up to and including 7.8.7. The...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors CVE-2025-64250 is a Medium-severity (CVSS 5.8) Open Redirect affecting the WordPress plugin Directorist: AI-Powered Business Directory, Listings & Classified Ads (slug: directorist) in versions up to and including 8.6.6. An unauthenticated attacker...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors CVE-2025-68069 is a Medium-severity missing authorization issue affecting the Directorist: AI-Powered Business Directory, Listings & Classified Ads plugin (slug: directorist) in versions up to and including 8.6.6. Because the problem involves a...
by Ivan Sorkin | Mar 26, 2026 | Plugins
Attack Vectors Smart Slider 3 (WordPress plugin slug: smart-slider-3) is affected by CVE-2026-3098, a Medium-severity vulnerability (CVSS 6.5) that can be exploited by an authenticated user with Subscriber-level access or higher. This matters for business sites...
by Ivan Sorkin | Mar 26, 2026 | Plugins
Attack Vectors CVE-2026-2511 is a High-severity (CVSS 7.5) vulnerability affecting the WordPress plugin JS Help Desk – AI-Powered Support & Ticketing System (slug: js-support-ticket) in versions 3.0.4 and earlier. It can be exploited remotely over the internet and...
Recent Comments