by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors One to one user Chat by WPGuppy (WordPress plugin slug: wpguppy-lite) has a Medium-severity vulnerability (CVSS 5.3) that can be exploited over the internet without requiring a user account. According to the published details for CVE-2025-6792, the...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Simple Plyr (slug: simple-plyr) is affected by a Medium severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) in versions up to and including 0.0.1. The vulnerability is tracked as CVE-2026-1915. The...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors PhotoStack Gallery (WordPress plugin slug: photostack-gallery) has a High-severity vulnerability (CVSS 7.5) identified as CVE-2026-2024. The issue can be exploited without authentication, meaning an external attacker may be able to target a site even if...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-1932 (Medium severity, CVSS 5.3) affects the WordPress plugin Appointment Booking Calendar Plugin – Bookr (slug: bookr) in versions 1.0.2 and earlier. The issue involves the plugin’s REST API endpoint used to update appointment records. Because...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The vulnerability CVE-2026-1904 affects the WordPress plugin Simple Wp colorfull Accordion (slug: simple-wp-colorfull-accordion) in versions up to and including 1.0. It is rated Medium severity (CVSS 6.4). This issue can be exploited by an authenticated...
Recent Comments