by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Pretty Url (slug: pretty-url) has a Medium-severity reflected cross-site scripting (XSS) vulnerability affecting versions up to and including 1.5.4 (CVE-2025-22564; CVSS 6.1). Reflected XSS typically works when an attacker sends a specially crafted URL...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-49699 affects the ARPrice – WordPress Pricing Table Plugin (slug: arprice) in versions up to and including 4.1.3. It is rated High severity (CVSS 8.8; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), meaning it can be reached over...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors ARPrice – WordPress Pricing Table Plugin (slug: arprice) is affected by a Medium-severity reflected cross-site scripting (XSS) vulnerability (CVE-2024-49700, CVSS 6.1). The primary attack path is link-based social engineering: an unauthenticated...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The LeadBoxer WordPress plugin (slug: leadboxer) is affected by a Medium-severity vulnerability (CVE-2024-52468, CVSS 6.1) impacting versions up to and including 1.3. This is a reflected cross-site scripting (XSS) issue, meaning an attacker can attempt...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-47338 affects the WPExperts Square For GiveWP WordPress plugin (slug: wpexperts-square-for-give) in versions up to and including 1.3. This is a Medium severity issue (CVSS 4.9) that can be exploited over the network without user interaction,...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-38733 affects the WordPress plugin Meks Video Importer (slug: meks-video-importer) in versions up to and including 1.0.12. It is rated Medium severity with a CVSS score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Because this issue...
Recent Comments