by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25343 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability (CVSS 4.4) affecting the WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce WordPress plugin (slug: wp-sms) in versions <= 7.1. The...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25004 is a Medium-severity Stored Cross-Site Scripting (XSS) vulnerability (CVSS 6.4) affecting the CM Business Directory – Optimise and showcase local business WordPress plugin (cm-business-directory) in versions up to and including 1.5.3. The...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-24392 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (slug: hurrytimer) in versions <= 2.14.2. The vulnerability can be...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-23805 is a Medium severity (CVSS 6.5) SQL Injection vulnerability affecting the Media Search Enhanced WordPress plugin (media-search-enhanced) in versions up to and including 0.9.1. The attack requires an authenticated WordPress account with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Wizard Cloak (WordPress plugin slug: wp-wizard-cloak) is affected by a Medium-severity vulnerability (CVE-2025-53237, CVSS 6.1) that can be triggered over the internet by an unauthenticated attacker. The issue is a reflected cross-site scripting (XSS)...
Recent Comments