by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors WP-DownloadManager (slug: wp-downloadmanager) versions 1.69 and below contain a medium-severity vulnerability (CVSS 6.5) that can be exploited by an authenticated user with Administrator-level access (or higher). The issue is triggered through the...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (slug: custom-registration-form-builder-with-submission-manager) has a Medium severity vulnerability (CVSS 5.3, CVE-2025-14444) that can be exploited remotely and...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Blog2Social: Social Media Auto Post & Scheduler (slug: blog2social) versions 8.7.4 and earlier contain a Medium severity authorization flaw (CVSS 6.5; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) tracked as CVE-2026-1942. The primary attack path is...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Medium severity (CVSS 6.4) vulnerability CVE-2025-11185 affects the WordPress plugin Complianz – GDPR/CCPA Cookie Consent (slug: complianz-gdpr) in versions up to and including 7.4.3. The issue is an authenticated stored cross-site scripting (XSS) flaw...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-2126 affects the WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End (slug: user-submitted-posts) in versions up to and including 20260113, with a Medium severity (CVSS 5.3). The issue can be abused over the...
Recent Comments