by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-31366 affects the WordPress plugin Post Type Builder (slug: themify-ptb) in versions earlier than 2.1.4. The issue is rated Medium severity (CVSS 4.3; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N), meaning it is reachable over the network and...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-25931 is a Medium severity Cross-Site Request Forgery (CSRF) vulnerability affecting the Heureka WordPress plugin (slug: heureka) in all versions up to and including 1.0.8 (CVSS 4.3). This type of attack relies on user interaction: an...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2023-49841 is a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 4.4) affecting Optin Forms – Simple List Building Plugin for WordPress (slug: optin-forms) in versions up to and including 1.3.6. The attack requires an authenticated user...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The vulnerability (CVE-2023-33215, CVE record) affects the WordPress plugin Taggbox: Embed LinkedIn, Facebook, Instagram, TikTok, YouTube & More Social Media Widgets (slug: taggergbox-widget) versions up to and including 3.3. It is rated Medium...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2023-33214 is a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVSS 4.3) affecting Taggbox: Embed LinkedIn, Facebook, Instagram, TikTok, YouTube & More Social Media Widgets (slug: taggergbox-widget) in versions up to, and...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The All In One Slider WordPress plugin (formerly known as All In One Carousel) is affected by a Medium-severity reflected cross-site scripting (XSS) vulnerability in versions up to and including 1.2.20 (CVSS 6.1, vector...
Recent Comments