Tag
#Account Takeover
blogHIGH 8.1
Understanding and Defending Against CVE-2026-7655: Privilege Escalation in SureCart Plugin
CVE-2026-7655 is a privilege escalation vulnerability in the SureCart plugin for WordPress, allowing unauthenticated attackers to takeover accounts by manipulating user details via webhook events. This vulnerability has a CVSS score of 8.1 and affects versions up to 4.2.3 of the plugin. Understanding the root cause and attack vector is crucial for defenders to implement effective mitigations.
newsCRITICAL 9.0
CVE-2026-11374: ManageEngine Products Vulnerable to Predictable SSO Ticket IDs Leading to Account Takeover
A critical vulnerability (CVE-2026-11374, CVSS score of 9) in multiple ManageEngine products allows unauthenticated users to predict SSO ticket IDs, leading to account takeover. Affected products include ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. Immediate action is required to update vulnerable versions.