by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors: CVE-2025-13974 is a Medium-severity (CVSS 4.4) Stored Cross-Site Scripting (XSS) issue in the WordPress plugin Email Customizer for WooCommerce | Drag and Drop Email Templates Builder (slug: email-customizer-for-woocommerce) affecting versions 2.6.7 and...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors: Microtango (WordPress plugin) versions up to and including 0.9.29 are affected by CVE-2026-1821, a Medium severity issue (CVSS 6.4) involving stored cross-site scripting (XSS) through shortcode attributes. The primary attack path requires a user who is...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors: CVE-2026-1675 affects the Advanced Country Blocker WordPress plugin (slug: advanced-country-blocker) in versions 2.3.1 and below, and is rated Medium severity (CVSS 5.3). The issue stems from an insecure default “secret bypass key” created during...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors: The vulnerability in Invoct – PDF Invoices & Billing for WooCommerce (slug: kirilkirkov-pdf-invoice-manager) affects versions 1.6 and below and is rated Medium severity (CVSS 4.3). It can be exploited over the network by an attacker who already has...
by Ivan Sorkin | Feb 12, 2026 | Themes
Attack Vectors: CVE-2024-43334 is a Medium severity reflected cross-site scripting (XSS) issue affecting the Paroti – Nonprofit Charity WordPress Theme (slug: paroti) and other “gavias” themes in various versions. Because this is a reflected XSS scenario, the...