by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors
The WordPress plugin xmlrpc attacks blocker (slug: xmlrpc-attacks-blocker) is affected by a Medium-severity issue (CVSS 6.1) identified as CVE-2026-2502. The attack can be launched remotely by an unauthenticated party over the internet. The weakness...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors
The salavat counter Plugin (slug: salavat-counter) has a Medium-severity vulnerability (CVE-2026-1047, CVSS 4.4) that requires an attacker to already be authenticated with Administrator-level access or higher. In practical terms, this is most relevant...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors
Remove Post Type Slug (slug: remove-post-type-slug) has a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVSS 4.3, CVE: CVE-2025-14167) affecting versions up to and including 1.0.2. An unauthenticated attacker cannot directly “log in,”...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors
TalkJS (WordPress plugin slug: talkjs) versions 0.1.15 and earlier are affected by a Medium-severity vulnerability (CVE-2026-1055, CVSS 4.4) that allows stored cross-site scripting (XSS) through an administrator settings field named welcomeMessage. The...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors
The iXML – Google XML sitemap generator plugin (versions up to and including 0.6) has a Medium-severity vulnerability (CVSS 6.1) identified as CVE-2025-14076. It is a reflected cross-site scripting (XSS) issue triggered via the iXML_email parameter....