by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors XO Event Calendar (slug: xo-event-calendar) versions 3.2.10 and below are affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVE-2026-0556, CVSS 6.4). The key risk factor is that an attacker only needs a legitimate WordPress account...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Groups (slug: groups) versions 3.10.0 and below contain a Medium severity vulnerability (CVSS 6.4, CVE-2026-0549) that can be exploited by an authenticated user with Contributor-level access or higher. The attack uses the plugin’s groups_group_info...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-14851 affects the YaMaps for WordPress plugin (slug: yamaps) in versions up to and including 0.6.40, and is rated Medium severity (CVSS 6.4). The issue is a stored cross-site scripting (XSS) vulnerability that can be triggered through the yamap...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-15041 affects the BackWPup – WordPress Backup & Restore Plugin (slug: backwpup) in versions up to and including 5.6.2, and is rated High severity (CVSS 7.2). The issue is an authenticated privilege escalation path, meaning an attacker must...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The vulnerability (CVE-2025-14983) affects the WordPress plugin Advanced Custom Fields: Font Awesome Field (slug: advanced-custom-fields-font-awesome) in versions 5.0.1 and earlier. It is a Medium severity issue (CVSS 6.4) that requires an authenticated...
Recent Comments