by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors In CVE-2025-14742, the WP Recipe Maker plugin (wp-recipe-maker) is affected by a missing authorization check in its AJAX endpoints. Specifically, the ajax_search_recipes and ajax_get_recipe functions can be accessed by authenticated users with...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Disable Admin Notices – Hide Dashboard Notifications (slug: disable-admin-notices) has a Medium-severity vulnerability (CVSS 4.3) tracked as CVE-2026-2410. The issue can be exploited over the web when an attacker tricks a logged-in WordPress...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Secure Copy Content Protection and Content Locking (WordPress plugin slug: secure-copy-content-protection) has a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVE-2026-2367, CVSS 6.4) that can be exploited by an authenticated user with...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Product: Responsive Lightbox & Gallery (WordPress plugin, slug: responsive-lightbox) Vulnerability: CVE-2026-2479 (Medium severity; CVSS 5.0, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N) This issue affects Responsive Lightbox & Gallery...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors PixelYourSite – Your smart PIXEL (TAG) & API Manager (slug: pixelyoursite) has a High-severity vulnerability (CVE-2026-1841, CVSS 7.2) affecting versions up to and including 11.2.0. It is an unauthenticated stored cross-site scripting (XSS) issue,...
Recent Comments