CVE-2026-2720

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2026-2720

The Hr Press Lite WordPress plugin is vulnerable due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to 1.0.2, allowing authenticated users with Subscriber-level access and above to fetch sensitive employee data (names, emails, phone numbers, salary/pay rat...

CVE-2026-2720 Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure

The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the hrp-fetch-employees AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

Retail Under Siege: What Recent Cyber Attacks Tell Us About Today’s Threat Landscape

When several major UK organizations, including well-known retail brands, found themselves caught in a cyber attack earlier this year, it made headlines. But this incident wasn’t the first, and it won’t be the last. It reflects a growing trend where attackers exploit third-party vendors to breach...

Coca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claims

Coca-Cola and its bottling partner CCEP targeted in separate cyber incidents, with the Everest ransomware gang and the Gehenna hacking group claiming data breaches involving sensitive employee and CRM data...

Design/Logic Flaw

ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document...