by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Scheduler Widget (WordPress plugin slug scheduler-widget) versions 0.1.6 and earlier have a Medium-severity issue (CVSS 5.4; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) tracked as CVE-2026-1987. The primary attack path involves a legitimate login. An...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The WordPress plugin Address Bar Ads (versions up to and including 1.0.0) is affected by a Medium-severity vulnerability (CVE-2026-1795, CVSS 6.1) that enables reflected cross-site scripting (XSS) through the URL path. In practical terms, an...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The vulnerability CVE-2026-1901 affects the QuestionPro Surveys WordPress plugin (slug: questionpro-surveys) in versions up to and including 1.0 and is rated Medium severity (CVSS 6.4). It is a stored cross-site scripting issue that occurs through...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors StyleBidet (slug: stylebidet) versions up to and including 1.0.0 are affected by a Medium severity vulnerability (CVSS 6.1) identified as CVE-2026-1796. The issue is a reflected cross-site scripting (XSS) weakness triggered through the URL path. Because...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Severity: High (CVSS 7.2) — CVE-2026-0753 affects the Super Simple Contact Form WordPress plugin (slug: super-simple-contact-form) in versions up to and including 1.6.2. The issue is a reflected cross-site scripting (XSS) weakness triggered through the...
Recent Comments