by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1656 affects Business Directory Plugin – Easy Listing Directories for WordPress (slug: business-directory-plugin) in versions up to and including 6.4.20. Rated Medium severity (CVSS 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N),...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1655 is a Medium-severity issue (CVSS 4.3) affecting EventPrime – Events Calendar, Bookings and Tickets (slug: eventprime-event-calendar-management) in versions up to 4.2.8.4. An attacker must be authenticated (Subscriber/Customer level or...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-2419 affects the WP-DownloadManager WordPress plugin (slug: wp-downloadmanager) in versions 1.69 and earlier. This is a Low severity issue (CVSS 2.7) that requires an authenticated user with Administrator-level access (or higher) to exploit....
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Dam Spam (WordPress plugin) versions up to and including 1.0.8 have a Medium-severity issue (CVSS 4.3) that can be exploited through Cross-Site Request Forgery (CSRF). The attack path is straightforward: an unauthenticated attacker crafts a malicious...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1938 is a Medium-severity (CVSS 5.3) vulnerability affecting the WordPress plugin YayMail – WooCommerce Email Customizer (slug: yaymail) in versions up to and including 4.3.2. The issue centers on the plugin’s REST endpoint...
Recent Comments