by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Breadcrumb NavXT (slug: breadcrumb-navxt) has a Medium severity vulnerability (CVSS 5.3, CVE-2025-13842) that can be exploited remotely by unauthenticated attackers. The issue stems from the plugin’s Gutenberg block renderer trusting a user-supplied...
by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors: Buyent Theme (bundled with the Buyent Classified plugin, slug buyent) has a Critical vulnerability (CVSS 9.8, CVE-2025-13851) that can be exploited remotely over the internet. The issue involves the user registration flow exposed through a REST API...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Country Blocker for AdSense (WordPress plugin slug: country-blocker-for-adsense) has a Medium severity vulnerability (CVSS 4.3) tracked as CVE-2025-13413. The issue is a Cross-Site Request Forgery (CSRF) that can allow an attacker to change the plugin’s...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Product: Page Title, Description & Open Graph Updater (slug: page-title-description-open-graph-updater) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) issue (CVE-2025-13438, CVSS 4.3). An attacker does not need to log in to your...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Easy Table of Contents (slug: easy-table-of-contents) is affected by a Medium-severity stored cross-site scripting (XSS) vulnerability (CVE-2025-13738, CVSS 6.4) in versions up to and including 2.0.78. The issue is tied to the plugin’s ez-toc shortcode,...