by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Product: News Element Elementor Blog Magazine (slug: news-element) Severity: Medium (CVSS 5.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) | CVE: CVE-2026-2284 This issue can be exploited by an attacker who already has a valid login on your WordPress...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Toret Manager (slug: toret-manager) versions up to and including 1.2.7 contain a High severity vulnerability (CVSS 8.8, CVE-2026-0912) that can be exploited by an authenticated user with Subscriber-level access or higher. This means an attacker does not...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Prodigy Commerce (WordPress plugin slug: prodigy-commerce) has a Critical vulnerability (CVE-2026-0926, CVSS 9.8) affecting all versions up to and including 3.2.9. The issue is an unauthenticated Local File Inclusion (LFI) vulnerability triggered...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Whatsiplus Scheduled Notification for Woocommerce (slug: whatsiplus-scheduled-notification-for-woocommerce) is affected by a Medium-severity vulnerability (CVSS 4.3) tracked as CVE-2026-1455. The issue is a Cross-Site Request Forgery (CSRF) in the...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Razorpay for WooCommerce (slug: woo-razorpay) versions 4.7.8 and earlier have a Medium-severity issue (CVE-2025-14294, CVSS 5.3) that can be exploited over the internet without a user account. An unauthenticated attacker who can know or guess a...
Recent Comments