by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2024-11756 is a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 6.4) affecting the WordPress plugin SweepWidget – Contests, Giveaways, Sweepstakes & Photo Contests (slug: sweepwidget) in versions 2.0.6 and earlier. The...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2025-14447 affects the AnnunciFunebri Impresa WordPress plugin (slug: annuncifunebri-onoranza) in versions up to and including 4.7.0. The severity is Medium (CVSS 5.3). The primary attack vector involves an authenticated WordPress user with...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors This Medium-severity vulnerability (CVSS 6.4) affects the WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce (slug: wpos-lite-version) in versions up to and including 3.0. It is an authenticated issue, meaning an attacker must already have a...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2026-24532 is a Medium-severity missing authorization issue (CVSS 4.3) affecting the WordPress plugin SiteLock Security – WP Hardening, Login Security & Malware Scans (slug: sitelock) in versions up to and including 5.0.2. The primary attack...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors Event Tickets with Ticket Scanner (slug: event-tickets-with-ticket-scanner) has a Critical vulnerability (CVSS 9.8) that enables unauthenticated remote code execution in versions up to and including 2.8.5. In practical terms, this means an attacker can...
Recent Comments