by Ivan Sorkin | Jan 31, 2026 | Plugins
Attack Vectors Popup Box – Create Countdown, Coupon, Video, Contact Form Popups (slug: ays-popup-box) has a Medium severity vulnerability (CVSS 4.3, CVE-2026-1165) that can be exploited through Cross-Site Request Forgery (CSRF). In practical terms, an attacker does...
by Ivan Sorkin | Jan 31, 2026 | Plugins
Attack Vectors The vulnerability in Sell BTC – Cryptocurrency Selling Calculator (WordPress plugin slug: sell-btc-by-hayyatapps) is a High severity issue (CVSS 7.2) that can be exploited remotely over the internet without authentication. In practical terms, an...
by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors CVE-2026-24544 is a Medium severity missing-authorization issue (CVSS 4.3) affecting the HD Quiz WordPress plugin (hd-quiz) versions 2.0.9 and earlier. The exposure is over the network and does not require user interaction, meaning an attacker can act...
by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors CVE-2025-60080 is a High-severity vulnerability (CVSS 7.5) affecting the WordPress plugin PDF for Gravity Forms + Drag And Drop Template Builder (slug: pdf-for-gravity-forms) in versions 6.5.0 and below. The attack requires an authenticated WordPress...
by Ivan Sorkin | Jan 30, 2026 | Plugins
Attack Vectors CVE-2025-60083 affects the WordPress plugin PDF Invoices for WooCommerce + Drag and Drop Template Builder (slug: pdf-for-woocommerce) in versions up to and including 6.5.0. The issue is rated High severity (CVSS 8.8), and it requires an attacker to have...
Recent Comments