by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Membership Plugin – Restrict Content (slug: restrict-content) is affected by a Medium severity vulnerability (CVSS 4.4, CVE-2026-1304) in versions 3.2.18 and earlier. The issue is a Stored Cross-Site Scripting (XSS) weakness in multiple invoice settings...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors WP Plugin Info Card (slug: wp-plugin-info-card) versions 6.2.0 and below are affected by a medium-severity Cross-Site Request Forgery (CSRF) issue (CVE: CVE-2026-2023, CVSS 4.3). The most likely attack path is social engineering: an attacker persuades a...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors VK All in One Expansion Unit (slug: vk-all-in-one-expansion-unit) has a Medium severity stored cross-site scripting (XSS) vulnerability (CVE-2025-11737) affecting versions up to and including 9.112.3. The issue can be exploited by an authenticated...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-12356 is a Medium-severity authorization issue affecting Tickera – Sell Tickets & Manage Events (slug: tickera-event-ticketing-system) in versions up to 3.5.6.4. It involves a WordPress AJAX function (wp_ajax_change_ticket_status) that can...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-12122 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting Popup Box – Easily Create WordPress Popups (slug: popup-box) in versions 3.2.12 and earlier. The primary attack path is through the plugin’s iframeBox shortcode. An...
Recent Comments