by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors GZSEO (slug: gzseo) versions 2.0.11 and earlier have a Medium severity vulnerability (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) tracked as CVE-2025-14941. The attack requires an authenticated WordPress account with Contributor-level access...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2025-14852 is a medium-severity Cross-Site Request Forgery (CSRF) issue affecting the MDirector Newsletter WordPress plugin (mdirector-newsletter) in versions up to and including 4.5.8 (CVSS 4.3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). In...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Payment Page | Payment Form for Stripe (slug: payment-page) versions 1.4.6 and earlier are affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue tracked as CVE-2026-0751 (CVSS 6.4). This issue can be exploited by an authenticated...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25331 affects the WP Activity Log plugin (slug: wp-security-audit-log) in versions up to and including 5.5.4. This is a Medium severity issue (CVSS 6.4) where an attacker must already have a WordPress login with contributor-level access or...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CRM Memberships (slug: crm-memberships) versions 2.6 and earlier contain a Critical vulnerability (CVSS 9.8, CVE: CVE-2025-13313) that can be exploited remotely over the internet. Based on the disclosed CVSS vector (AV:N/AC:L/PR:N/UI:N), attackers do...
Recent Comments