by Ivan Sorkin | Feb 19, 2026 | Plugins
Attack Vectors The WordPress plugin Client Testimonial Slider (slug: wp-client-testimonial) is affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 4.4; CVE-2026-2716). The risk arises when an authenticated user with Administrator-level access...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Simple Membership (WordPress plugin slug: simple-membership) versions 4.7.0 and below have a Medium severity vulnerability (CVE-2026-1461, CVSS 6.5) that can be exploited over the internet without authentication. The issue centers on the plugin’s Stripe...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2026-1219 is a medium-severity (CVSS 5.3) issue affecting the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar (slug: mp3-music-player-by-sonaar) in versions 4.0 through 5.10. An unauthenticated attacker can...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2026-1994 is a Critical vulnerability (CVSS 9.8) affecting the WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (s2member) in versions up to and including 260127. The...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors IDonate – Blood Donation, Request And Donor Management System (slug: idonate) versions 2.1.5 through 2.1.9 contain a High-severity vulnerability (CVSS 8.8, CVE-2025-4521) that can be exploited by any authenticated WordPress user with Subscriber-level...
Recent Comments