by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: The vulnerability CVE-2025-63058 affects the WordPress plugin Custom Field Template (slug: custom-field-template) in versions 2.7.6 and earlier. It is rated Medium severity (CVSS 4.3) and is exploitable over the network, meaning an attacker can attempt...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: The WordPress plugin Xpro Addons — 140+ Widgets for Elementor (slug: xpro-elementor-addons) is affected by a Medium-severity vulnerability (CVE-2025-63044, CVSS 6.4) that enables stored cross-site scripting (XSS) by an authenticated user with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2025-62959 is a High-severity vulnerability (CVSS 7.2) affecting the WordPress plugin Paid Videochat Turnkey Site – HTML5 PPV Live Webcams (slug: ppv-live-webcams) in versions up to and including 7.3.23. It allows authenticated attackers with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors: CVE-2025-63066 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting the Porto Theme – Functionality WordPress plugin (slug: porto-functionality) in versions prior to 3.7.3. The attack requires an authenticated WordPress account...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: CVE-2025-60097 is a Medium-severity (CVSS 4.3) missing authorization issue in the TheGem WordPress theme (slug: thegem) affecting versions up to and including 5.10.5. An attacker must be authenticated—even a subscriber-level account is sufficient—so...