by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Academy LMS – WordPress LMS Plugin for Complete eLearning Solution (slug: academy) is affected by a Medium-severity missing authorization issue (CVE-2026-25372, CVSS 4.3) in versions 3.5.3 and earlier. The primary attack vector is an authenticated user...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-23541 is a medium-severity missing-authorization issue in the Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more WordPress plugin (slug: mail-mint), affecting versions up to and including...
by Ivan Sorkin | Feb 24, 2026 | Themes
Attack Vectors CVE-2026-25374 affects the Spa and Salon WordPress theme (slug: spa-and-salon) in versions up to and including 1.3.2. This is a Medium severity issue (CVSS 5.3; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), meaning it can be reached over the...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25378 is a Medium-severity SQL Injection vulnerability (CVSS 4.9) affecting Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization (slug: nelio-ab-testing) versions up to and including 8.2.4. The attack requires an...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Aruba HiSpeed Cache (WordPress plugin) versions up to and including 3.0.4 are affected by CVE-2026-23545, a Medium-severity issue (CVSS 5.3). The primary exposure is that an unauthenticated attacker can reach a vulnerable plugin function over the...
Recent Comments