by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: The vulnerability CVE-2026-2281 affects the Private Comment WordPress plugin (slug: private-comment) in versions 0.0.4 and earlier. It is rated Medium severity (CVSS 4.4) and involves stored cross-site scripting (XSS) through the plugin’s “Label text”...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: The InteractiveCalculator for WordPress plugin (slug: interactivecalculator) has a Medium-severity vulnerability (CVSS 6.4; CVE-2026-1807) that can be exploited by an authenticated WordPress user with Contributor-level access or higher. This means the...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: The vulnerability (CVE-2026-2019) affects the WordPress plugin Cart All In One For WooCommerce (slug: woo-cart-all-in-one) in versions 1.1.21 and below and is rated High severity (CVSS 7.2). Exploitation requires an authenticated user with...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: The WordPress plugin Download Manager (slug: download-manager) is affected by a Medium-severity Reflected Cross-Site Scripting (XSS) issue (CVE-2026-1666) in versions up to and including 3.3.46. This type of vulnerability is typically exploited by...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors: CVE-2026-2633 affects Kadence Blocks — Page Builder Toolkit for Gutenberg Editor (also described as “Gutenberg Blocks with AI by Kadence WP”) for WordPress, in versions up to and including 3.6.1. It is rated Medium severity with a CVSS 4.3...