by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The WordPress plugin Advanced AJAX Product Filters (slug: woocommerce-ajax-filters) is affected by a High severity vulnerability (CVSS 8.8) tracked as CVE-2026-1426. The issue impacts all versions up to and including 3.1.9.6 and can be triggered by an...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Medium severity (CVSS 4.3) vulnerability CVE-2026-2386 affects the WordPress plugin The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce (slug: the-plus-addons-for-elementor-page-builder) in versions up...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors WP Import – Ultimate CSV XML Importer for WordPress (slug: wp-ultimate-csv-importer) has a Medium severity vulnerability (CVSS 6.5) identified as CVE-2026-1317. It is an authenticated (Subscriber+) SQL Injection that can be triggered through a crafted...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Bookster – WordPress Appointment Booking Plugin (slug: bookster) has a Medium severity vulnerability (CVSS 4.9) tracked as CVE-2025-8781. The issue is an authenticated SQL Injection that requires Administrator-level access (or higher), meaning the...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-14799 affects the WordPress plugin “Brevo – Email, SMS, Web Push, Chat, and more.” (slug: mailin) in versions up to and including 3.3.0. It is rated Medium severity (CVSS 6.5). The primary exposure is through a public-facing WordPress site...
Recent Comments