by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Accordion and Accordion Slider (slug: accordion-and-accordion-slider) is affected by a medium-severity authorization issue (CVE-2026-0727, CVSS 5.4). The risk comes from what an authenticated user can do after they already have a valid account. An...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0557 affects the WordPress plugin WP Data Access – No-Code App Builder with Tables, Forms, Charts & Maps (slug: wp-data-access) in versions up to and including 5.5.63. It is a Medium severity issue (CVSS 6.4) involving Stored Cross-Site...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Allow HTML in Category Descriptions (slug: allow-html-in-category-descriptions) has a Medium severity vulnerability (CVSS 4.4; CVE: CVE-2026-0693) that can be triggered by an authenticated user with Administrator (or higher) access. The attack involves...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors ZoomifyWP Free (slug: tz-zoomifywp-free) has a Medium-severity stored cross-site scripting (XSS) vulnerability (CVE-2026-1187, CVSS 6.4) affecting versions up to and including 1.1. The issue is reachable by a logged-in user with at least Contributor...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The vulnerability affects Stripe payment forms built with SureForms – Drag and Drop Form Builder for WordPress (slug: sureforms) in versions up to and including 2.2.1. Because it is unauthenticated and rated High severity (CVSS 7.5), an attacker does...
Recent Comments