by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Video Conferencing with Zoom (WordPress plugin slug: video-conferencing-with-zoom-api) is affected by CVE-2026-1368, rated Medium severity (CVSS 5.3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). The risk is driven by the fact that an attacker does not...
by Ivan Sorkin | Feb 24, 2026 | Plugins
CVE-2026-25384 (Medium severity) affects WP-Lister Lite for eBay (WordPress plugin slug: wp-lister-for-ebay) in versions up to and including 3.8.5. The issue is a missing authorization (capability) check that can allow an unauthenticated attacker to perform an...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors This medium-severity vulnerability (CVSS 4.9) affects the WordPress plugin Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization (slug: nelio-ab-testing) in versions up to and including 8.2.4. The issue is an authenticated SQL...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25387 is a Medium-severity missing authorization issue (CVSS 4.3) affecting Image Optimizer – Optimize Images and Convert to WebP or AVIF (slug: image-optimization) in versions <= 1.7.1. The primary attack path is through a legitimate login:...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Ally – Web Accessibility & Usability (slug: pojo-accessibility) versions up to and including 4.0.2 are affected by CVE-2026-25386 (Severity: Medium, CVSS 5.3). Because the issue can be exploited by an unauthenticated attacker (no login required) and...
Recent Comments