by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors MapSVG (WordPress plugin slug: mapsvg) is affected by CVE-2025-47560, a Medium-severity issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Because this vulnerability is reachable over the network and does not require user...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-27009 is a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVSS 4.3) affecting the My auctions allegro WordPress plugin (slug: my-auctions-allegro-free-edition) in versions up to and including 3.6.33. The most likely attack...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-47604 is a Medium severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) vulnerability affecting the Inline Related Posts WordPress plugin (intelly-related-posts) in versions up to and including 3.8.0. The primary attack path is through a user...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The WordPress Events Calendar Plugin – connectDaily (slug: connect-daily-web-calendar) has a Medium-severity vulnerability (CVSS 6.1, CVE-2025-32597) affecting all versions up to and including 1.5.4. This issue can be exploited when an attacker...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-31008 is a Medium-severity stored cross-site scripting (XSS) issue (CVSS 4.4) affecting the Embeds for YouTube plugin (slug: youtube-embed) in versions up to and including 5.3.1. An attacker must already be authenticated with...
Recent Comments