by Ivan Sorkin | Feb 17, 2026 | Themes
Attack Vectors CVE-2025-12074 affects the Context Blog WordPress theme (slug: context-blog) in versions 1.2.5 and earlier, and is rated Medium severity (CVSS 5.3). The issue can be triggered by unauthenticated visitors over the network, meaning an attacker does not...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Frontend User Notes (slug: frontend-user-notes) has a Medium severity vulnerability (CVSS 4.3) affecting versions 2.1.0 and earlier. It involves an Insecure Direct Object Reference (IDOR) in the funp_ajax_modify_notes AJAX endpoint (CVE:...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Order Splitter for WooCommerce (slug: woo-order-splitter) is affected by a Medium-severity vulnerability (CVSS 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) tracked as CVE-2025-12075. The issue can be exploited by an attacker who already has a...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors EmailKit – Email Customizer for WooCommerce & WP (slug: emailkit) is affected by CVE-2026-1925, a Medium severity vulnerability (CVSS 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) in versions 1.6.2 and below. The primary attack path is...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Filestack (WordPress plugin slug: filepicker-media-uploader) versions up to and including 2.0.8 are affected by CVE-2025-13959, a Medium-severity stored cross-site scripting (XSS) issue (CVSS 6.4). The reported entry point is the plugin’s filepicker...
Recent Comments