by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Mailchimp List Subscribe Form (slug: mailchimp) versions 2.0.0 and below contain a Medium-severity issue (CVSS 4.3, CVE-2025-12172) that can be exploited through Cross-Site Request Forgery (CSRF). In practical terms, an attacker can send a crafted link...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Aruba HiSpeed Cache (WordPress plugin) versions 3.0.2 and earlier are affected by a Medium-severity vulnerability (CVSS 6.1) tracked as CVE-2025-11706. The issue is a Reflected Cross-Site Scripting (XSS) flaw that can be triggered through the dbstatus...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: High severity (CVSS 7.5) vulnerability tracked as CVE-2025-11754 affects the WordPress plugin Cookie Banner for GDPR / CCPA – WPLP Cookie Consent (slug: gdpr-cookie-consent) in versions up to and including 4.1.2. The primary attack path is remote and...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Booking Calendar (WordPress plugin slug: booking) is affected by a Medium-severity issue (CVSS 4.3) identified as CVE-2026-2230. The vulnerability is an Insecure Direct Object Reference (IDOR) in versions up to and including 10.14.14. An attacker must...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: CVE-2026-1404 affects the WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin (slug: ultimate-member) and is rated Medium severity (CVSS 6.1). The issue is a reflected...