by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors: The Drift WordPress theme (versions 1.5.0 and earlier) has a Medium-severity vulnerability (CVE-2025-12116, CVSS 6.4) that can be abused by an authenticated user with at least Contributor access. In practical terms, this means anyone who can create or...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: CVE-2025-12448 is a Medium-severity issue (CVSS 6.4) affecting the WordPress plugin Smartsupp – live chat, AI shopping assistant and chatbots (smartsupp-live-chat) in versions up to 3.9.1. It is an authenticated (Subscriber+) Stored Cross-Site Scripting...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Easy SVG Support (slug: easy-svg) is affected by a Medium-severity vulnerability (CVSS 6.1) that allows stored cross-site scripting (XSS) through SVG file uploads in versions up to and including 4.0. The primary attack path is through a user account...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: CVE-2025-12375 is a Medium-severity Server-Side Request Forgery (SSRF) issue (CVSS 6.4) affecting the Printful Integration for WooCommerce plugin (slug: printful-shipping-for-woocommerce) in versions 2.2.11 and earlier. The attack requires an...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Aruba HiSpeed Cache (WordPress plugin slug: aruba-hispeed-cache) versions 3.0.2 and earlier have a Medium-severity vulnerability (CVSS 6.5; CVE-2025-11725) that can be abused over the network without requiring a logged-in user account. Because the issue...