by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-13727 is a Medium-severity Stored Cross-Site Scripting (XSS) issue in Video Share VOD – Turnkey Video Site Builder Script (slug: video-share-vod) affecting versions up to 2.7.11. The attacker must already be authenticated with Editor-level...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors WPNakama – Team and multi-Client Collaboration, Editorial and Project Management (slug: wpnakama) has a High severity vulnerability (CVSS 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) identified as CVE-2026-2495. The issue can be triggered through...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors SiteOrigin Widgets Bundle (slug: so-widgets-bundle) versions 1.70.4 and earlier have a Medium severity issue (CVSS 5.4) that can be abused by someone who already has a login on your site. The risk is specifically tied to authenticated users—including...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1649 affects the WordPress plugin Community Events (slug: community-events) in versions 1.5.7 and earlier. It is a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 4.4) that requires an attacker to already be authenticated with...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1941 affects the WordPress plugin “WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar” (slug: wp-event-aggregator) in versions up to and including 1.8.7. It is rated Medium...
Recent Comments