by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (slug: s2member) has a Medium severity vulnerability (CVSS 6.4) identified as CVE-2025-13732. It is a Stored...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The vulnerability in Album and Image Gallery Plus Lightbox (slug: album-and-image-gallery-plus-lightbox) affects WordPress sites running plugin versions 2.1.7 and earlier. It is a Medium severity issue (CVSS 6.4) identified as CVE-2025-13612. An...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Apollo13 Framework Extensions (slug: apollo13-framework-extensions) versions 1.9.8 and below are affected by a Medium-severity vulnerability (CVE-2025-13617, CVSS 6.4) that allows Stored Cross-Site Scripting (XSS) by abusing the a13_alt_link parameter....
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Medium severity (CVSS 6.5) vulnerability CVE-2025-13587 affects the WordPress plugin Two Factor (2FA) Authentication via Email (slug: two-factor-2fa-via-email) in versions up to and including 1.9.8. The issue can be exploited during the login process...
by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors Shopire (slug: shopire) versions 1.0.57 and earlier have a Medium-severity vulnerability (CVSS 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) tracked as CVE-2025-13091. An attacker must have an authenticated WordPress account with Subscriber-level...
Recent Comments