by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors GiftXtore – Luxury Jewelry & Gift Store Elementor WooCommerce WordPress Theme (slug: bw-giftxtore) has a Critical vulnerability (CVSS 9.8) tracked as CVE-2025-28888. The issue is unauthenticated, meaning an attacker does not need a login to...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-47561 affects the MapSVG WordPress plugin (slug: mapsvg) in versions before 8.6.13. The vulnerability is rated High severity (CVSS 8.8), and it can be exploited remotely over the network. The key requirement is that an attacker must already...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-30636 affects the Accessibility Suite by Ability, Inc WordPress plugin (slug: online-accessibility) in versions 4.19 and below. The issue is rated Medium severity (CVSS 4.3) and can be exploited remotely over the network by an attacker who...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors DZS Video Gallery (WordPress plugin slug: dzs-videogallery) is affected by a Medium-severity vulnerability (CVE-2025-32300, CVSS 6.1) involving Reflected Cross-Site Scripting (XSS) in versions up to and including 12.39. This issue can be exploited by an...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-63012 is a medium-severity Cross-Site Request Forgery (CSRF) issue in the WP Hotel Booking plugin (slug: wp-hotel-booking) affecting versions up to and including 2.2.8. CSRF attacks don’t require the attacker to log in; instead, they rely on...
Recent Comments