by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors The Mega Store Woocommerce WordPress theme (slug: mega-store-woocommerce) has a Medium severity issue (CVSS 5.3) that can be abused by an attacker who already has a logged-in account on your site. This includes low-privilege roles such as Subscriber and...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Lizza LMS Pro (WordPress plugin slug: lizza-lms-pro) is affected by a Critical unauthenticated privilege escalation vulnerability (CVE-2025-13563, CVSS 9.8). In practical terms, an attacker can target the site’s public-facing user registration flow—no...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The PostmarkApp Email Integrator plugin (slug: postmarkapp-email-integrator) is affected by a Medium-severity vulnerability (CVSS 4.4) identified as CVE-2026-1043. It is a Stored Cross-Site Scripting (XSS) issue that can be exploited through the...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2026-0974 is a High-severity vulnerability (CVSS 8.8) affecting Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin (slug: orderable) in versions up to and including 1.20.0. The core risk is that an attacker only needs a...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-13864 affects the Breeze – WordPress Cache Plugin (slug: breeze) in versions 2.2.21 and below with a Medium severity (CVSS 5.3). The issue can be exploited remotely over the internet when a site administrator has enabled Breeze’s API...
Recent Comments