TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Sucuri Blog

Vulnerability & Patch Roundup — March 2026

Sucuri Malware Research Team · 2026-04-01

ATT&CK techniques detected

32 predictions

T1190 Exploit Public-Facing Application (97%)
"& newsletters – email marketing, post notifications & newsletter plugin for WordPress <= 5.9.16 patched versions: email subscribers & newsletters – email marketing, post notifications & newsletter plugin for WordPress 5.9.17 mitigation steps: update to email subscribers & …"

T1190 Exploit Public-Facing Application (97%)
"required. vulnerability: SQL injection CVE: CVE-2025-13673 number of installations: 100,000+ affected software: tutor lms – elearning and online course solution <= 3.9.6 patched versions: tutor lms – elearning and online course solution 3.9.7 mitigation steps: up…"

T1190 Exploit Public-Facing Application (96%)
"risk: high exploitation level: requires administrator or higher level authentication. vulnerability: arbitrary file upload CVE: CVE-2026-2269 number of installations: 50,000+ affected software: uncanny automator – easy automation, integration, webhooks & workflow buil…"

T1190 Exploit Public-Facing Application (94%)
"(website stats plugin) version 9.0.3 or greater. unlimited elements for elementor – cross site scripting (XSS) security risk: high exploitation level: no authentication required. vulnerability: cross site scripting (XSS) CVE: CVE-2026-2724 number of installations …"

T1190 Exploit Public-Facing Application (89%)
") CVE: CVE-2026-25366 number of installations: 60,000+ affected software: woody code snippets – insert PHP, CSS, JS, and header/footer scripts <= 2.7.1 patched versions: woody code snippets – insert PHP, CSS, JS, and header/footer scripts 2.7.2 mitigation steps…"

T1190 Exploit Public-Facing Application (88%)
"really simple security – simple and performant security (formerly really simple SSL) – broken access control security risk: medium exploitation level: requires contributor or higher level authentication. vulnerability: broken access control CVE: CVE-2026-32461 number of…"

T1190 Exploit Public-Facing Application (87%)
", albums, video gallery, slideshows & more – cross site scripting (XSS) security risk: medium exploitation level: requires author or higher level authentication. vulnerability: cross site scripting (XSS) CVE: CVE-2026-1236 number of installations: 100,000+ affected…"

T1190 Exploit Public-Facing Application (86%)
"or greater. wp mail logging – PHP object injection security risk: critical exploitation level: no authentication required. vulnerability: PHP object injection CVE: CVE-2026-2471 number of installations: 300,000+ affected software: wp mail logging <= 1.15 patched ver…"

T1190 Exploit Public-Facing Application (85%)
"elementor – cross site scripting (XSS) security risk: medium exploitation level: requires contributor or higher level authentication. vulnerability: cross site scripting (XSS) CVE: CVE-2025-6229 number of installations: 50,000+ affected software: sina extension fo…"

T1190 Exploit Public-Facing Application (84%)
"-2571 number of installations: 100,000+ affected software: download manager <= 3.3.49 patched versions: download manager 3.3.50 mitigation steps: update to download manager version 3.3.50 or greater. latepoint – calendar booking plugin for appointments and events – …"

T1190 Exploit Public-Facing Application (79%)
".50 patched versions: news magazine x 1.2.51 mitigation steps: update to news magazine x theme version 1.2.51 or greater. estate – PHP object injection security risk: critical exploitation level: no authentication required. vulnerability: PHP object injection CVE: CVE …"

T1190 Exploit Public-Facing Application (79%)
"scripting (XSS) CVE: CVE-2026-2324 number of installations: 100,000+ affected software: latepoint – calendar booking plugin for appointments and events <= 5.2.7 patched versions: latepoint – calendar booking plugin for appointments and events 5.2.8 mitigation ste…"

T1190 Exploit Public-Facing Application (77%)
"2.0 or greater. booking for appointments and events calendar – amelia – broken authentication security risk: high exploitation level: requires customer or higher level authentication. vulnerability: broken authentication CVE: CVE-2026-2931 number of installations: 90,0…"

T1190 Exploit Public-Facing Application (77%)
"…pa cookie consent <= 7.4.4 patched versions: complianz – GDPR/CCPA cookie consent 7.4.5 mitigation steps: update to complianz – GDPR/CCPA cookie consent version 7.4.5 or greater. mc4wp: mailchimp for WordPress – broken access control security risk: medium exploit…"

T1588.006 Vulnerabilities (76%)
"1.8 mitigation steps: update to checkout field editor (checkout manager) for woocommerce version 2.1.8 or greater. pixelyoursite – your smart pixel (tag) & API manager – cross site scripting (XSS) security risk: high exploitation level: no authentication required. vul…"

T1190 Exploit Public-Facing Application (70%)
",000+ affected software: ultra addons for contact form 7 <= 3.5.36 patched versions: ultra addons for contact form 7 3.5.37 mitigation steps: update to ultra addons for contact form 7 version 3.5.37 or greater. visual portfolio, photo gallery & post grid – local file …"

T1190 Exploit Public-Facing Application (69%)
"3.3 or greater. online scheduling and appointment booking system – bookly – cross site scripting (XSS) security risk: high exploitation level: no authentication required. vulnerability: cross site scripting (XSS) CVE: CVE-2026-32540 number of installations: 70,000 …"

T1190 Exploit Public-Facing Application (64%)
"higher level authentication. vulnerability: broken access control CVE: CVE-2026-3533 number of installations: 80,000+ affected software: jupiter x core <= 4.14.1 patched versions: jupiter x core 4.14.2 mitigation steps: update to jupiter x core version 4.14.2 o…"

T1190 Exploit Public-Facing Application (64%)
"…s aggregator – RSS import, news feeds, feed to post, and autoblogging <= 5.0.11 patched versions: RSS aggregator – RSS import, news feeds, feed to post, and autoblogging 5.0.12 mitigation steps: update to RSS aggregator – RSS import, news feeds, feed to post, and autoblo…"

T1588.006 Vulnerabilities (63%)
"AI content writer with keyword research & SEO tracking tools 4.3.3 mitigation steps: update to getgenie – AI content writer with keyword research & SEO tracking tools version 4.3.3 or greater. getgenie – AI content writer with keyword research & SEO tracking tools – insecure…"

T1190 Exploit Public-Facing Application (62%)
", user registration form, login form, user profile & restrict content – profilepress 4.16.12 mitigation steps: update to paid membership plugin, ecommerce, user registration form, login form, user profile & restrict content – profilepress version 4.16.12 or greater. wp all i…"

T1190 Exploit Public-Facing Application (52%)
"dynamic blocks form builder – remote code execution (RCE) security risk: critical exploitation level: requires contributor or higher level authentication. vulnerability: remote code execution (RCE) CVE: CVE-2026-32525 number of installations: 90,000+ affected softw…"

T1190 Exploit Public-Facing Application (50%)
"…treetmap, mapbox, listing, directory & filters version 4.9.2 or greater. advanced product fields (product addons) for woocommerce – broken access control security risk: medium exploitation level: no authentication required. vulnerability: broken access control CVE: CVE …"

T1190 Exploit Public-Facing Application (44%)
"vulnerability & patch roundup — march 2026 vulnerability reports and responsible disclosures are essential for website security awareness and education. automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. to help educat…"

T1190 Exploit Public-Facing Application (44%)
"wp maps – store locator, google maps, openstreetmap, mapbox, listing, directory & filters 4.9.2 mitigation steps: update to wp maps – store locator, google maps, openstreetmap, mapbox, listing, directory & filters version 4.9.2 or greater. wp maps – store locator, google map…"

T1190 Exploit Public-Facing Application (40%)
". education zone – broken access control security risk: medium exploitation level: no authentication required. vulnerability: broken access control CVE: CVE-2026-25009 number of downloads: 483,880 affected software: education zone <= 1.3.8 patched versions: educati…"

T1588.006 Vulnerabilities (40%)
"of installations: 300,000+ affected software: exactmetrics – google analytics dashboard for WordPress (website stats plugin) <= 9.0.2 patched versions: exactmetrics – google analytics dashboard for WordPress (website stats plugin) 9.0.3 mitigation steps: update to …"

T1190 Exploit Public-Facing Application (37%)
"authentication required. vulnerability: PHP object injection CVE: CVE-2026-2599 number of installations: 70,000+ affected software: database for contact form 7, wpforms, elementor forms <= 1.4.7 patched versions: database for contact form 7, wpforms, elementor forms…"

T1190 Exploit Public-Facing Application (36%)
"- members membership plugin version 3.5.6 or greater. RSS aggregator – RSS import, news feeds, feed to post, and autoblogging – cross site scripting (XSS) security risk: high exploitation level: no authentication required. vulnerability: cross site scripting (XSS) CVE: …"

T1190 Exploit Public-Facing Application (32%)
".0 mitigation steps: update to appointment booking calendar — simply schedule appointments booking plugin version 1.6.10.0 or greater. appointment booking calendar — simply schedule appointments booking plugin – sensitive data exposure security risk: medium exploitation lev…"

T1204.002 Malicious File (31%)
", registration, login, member directory, content restriction & membership plugin 2.11.3 mitigation steps: update to ultimate member – user profile, registration, login, member directory, content restriction & membership plugin version 2.11.3 or greater. dear flipbook – PDF f…"

T1190 Exploit Public-Facing Application (31%)
"blocks – broken access control security risk: medium exploitation level: no authentication required. vulnerability: broken access control CVE: CVE-2026-2589 number of installations: 70,000+ affected software: greenshift – animation and page builder blocks <= 12.8.3…"

Summary

Vulnerability & Patch Roundup — March 2026

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.

Continue reading Vulnerability & Patch Roundup — March 2026 at Sucuri Blog.