by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: Custom Block Builder – Lazy Blocks (slug: lazy-blocks) is affected by a High severity vulnerability (CVSS 8.8) identified as CVE-2026-1560. The issue enables authenticated attackers with Contributor-level access or higher to achieve remote code...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: WP Term Order (slug: wp-term-order) versions up to and including 2.1.0 are affected by a Medium severity Cross-Site Request Forgery (CSRF) vulnerability (CVE: CVE-2026-24542; CVSS 4.3). The most common CSRF scenario is social engineering: an attacker...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: CVE-2025-54004 affects the WordPress plugin WCFM – Frontend Manager for WooCommerce (including its “Bookings Subscription Listings Compatible” functionality, slug wc-frontend-manager) in versions up to 6.7.24. The severity is Medium (CVSS 4.3). The key...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: BuddyHolis ListSearch (slug: listsearch) versions 1.1 and earlier contain a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) that can be exploited by an authenticated WordPress user with Contributor-level access or higher. The...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: IDE Micro code-editor (slug: flask-micro) is affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) in versions up to and including 1.0.0. The vulnerability is tied to the plugin’s codeflask shortcode, specifically the title...