A Missing Authorization vulnerability (CWE-862) in the Paid Videochat Turnkey Site WordPress plugin allows exploitation of incorrectly configured access control security levels. The vulnerability affects versions from n/a through 7.3.23. The CVSS 3.1 score of 5.3 (MEDIUM) indicates network-accessible attack vector with low attack complexity, no required privileges or user interaction, and low confidential [truncated]
A high-severity code injection vulnerability exists in the Broadcast Live Video WordPress plugin by VideoWhisper.Com. The flaw, rated CVSS 7.2, allows authenticated attackers with high privileges to inject and execute arbitrary code. Affected versions span all releases prior to 7.1.3. The vulnerability was disclosed on 2026-05-25 and last modified on 2026-05-26. No known exploitation in ransomware campaig [truncated]
