by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Sphere Manager (slug: sphere-manager) versions 1.0.2 and earlier are affected by a Medium severity vulnerability (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) tracked as CVE-2026-1905. The primary attack path is an authenticated user who...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The CallbackKiller service widget plugin (slug: callbackkiller-service-widget) is reported as Medium severity (CVSS 5.3) and affects all versions up to and including 1.2. The issue involves a WordPress AJAX endpoint tied to the cbk_save_v1 action, which...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The LatePoint – Calendar Booking Plugin for Appointments and Events (slug: latepoint-2) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-14873, CVSS 4.3). In practical terms, an attacker can attempt to make...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0559 (Medium severity, CVSS 6.4) affects the MasterStudy LMS WordPress Plugin – for Online Courses and Education (slug: masterstudy-lms-learning-management-system) in versions up to and including 3.7.11. The issue is an authenticated Stored...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Flexi Product Slider and Grid for WooCommerce (slug: flexi-product-slider-grid) has a High-severity vulnerability (CVSS 7.5, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting versions up to and including 1.0.5. It is tracked as CVE-2026-1988. The...
Recent Comments