by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors EM Cost Calculator (slug: cost-calculator) has a Medium-severity issue (CVSS 6.1, CVE-2026-2506) that can be triggered by an unauthenticated attacker over the internet. The attacker’s goal is to submit a malicious value into the plugin’s customer_name...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors The Related Videos for JW Player WordPress plugin (slug: related-videos-for-jw-player) is affected by a Medium severity issue (CVSS 6.1) tracked as CVE-2025-32516. This is a reflected cross-site scripting (XSS) vulnerability in versions up to and...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-2694 is a Medium-severity vulnerability (CVSS 5.4; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) affecting the The Events Calendar WordPress plugin (the-events-calendar) in versions up to and including 6.15.16. The issue can be exploited...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2025-63030 is a Medium-severity Cross-Site Request Forgery (CSRF) issue affecting the WordPress plugin New User Approve (slug: new-user-approve) in versions up to and including 3.2.3. The vulnerability stems from missing or incorrect nonce...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors SUMO Affiliates Pro (slug: affs) has a Critical vulnerability (CVSS 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) tracked as CVE-2025-32291. Because the issue is unauthenticated, an attacker can target your website over the internet without needing...
Recent Comments