by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: The Nasa Core plugin (slug: nasa-core) is affected by a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) vulnerability in versions below 6.4.4 (CVE-2025-39508). Reflected XSS typically relies on a victim being convinced to interact with a...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: WishList Member X (wishlist-member-x) versions up to and including 3.25.1 have a critical vulnerability (CVSS 10.0) that can be exploited without a login. This means an external attacker can target your website directly over the internet. Because this...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-32291 impacts the SUMO Affiliates Pro WordPress plugin (slug: affs) in versions 10.7.0 and below. With a Critical severity rating (CVSS 9.8, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), this issue is especially concerning because it...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-63030 is a medium-severity Cross-Site Request Forgery (CSRF) issue affecting the New User Approve WordPress plugin (slug: new-user-approve) in versions up to and including 3.2.0 (CVSS 4.3). CSRF attacks rely on user interaction: an attacker...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors: CVE-2025-29012 affects the CF7 7 Mailchimp Add-on WordPress plugin (slug: CF7-mailchimp-addon) in versions <= 2.2. Because the issue can be triggered without logging in and requires no user interaction, any site running a vulnerable version is...