CVE-2026-15291: CWE-862 Missing Authorization in themeatelier ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form
The Chat Help – Click to Chat Button & Form WordPress plugin up to version 3.1.3 has a vulnerability in its REST API endpoints that allows unauthenticated access to sensitive user data. Due to…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

WAF - WAF Release - 2025-08-04
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-gra

WAF - WAF Release - 2026-04-30 - Emergency
This emergency release introduces a new rule to block a cPanel & WHM Authentication Bypass related to CVE-2026-41940. Key Findings CVE-2026-

CVE-2026-11462: Improper Authorization Vulnerability in BeikeShop Stripe Plugin (Up to v1.6.0.22)
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file p

WAF - WAF Release - 2025-06-09
This week’s update spotlights four critical vulnerabilities across CMS platforms, VoIP systems, and enterprise applications. Several flaws e

Comments
Sign in to join the conversation.
No comments yet. Be the first.