by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Rent Fetch (WordPress plugin slug: rentfetch) versions 0.32.4 and below are affected by a High-severity vulnerability (CVSS 7.2, CVE-2026-1931) that enables unauthenticated stored cross-site scripting (XSS) via the ‘keyword’ parameter....
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-24525 affects the CLP Varnish Cache WordPress plugin (slug: clp-varnish-cache) in versions up to and including 1.0.2. The issue is rated Medium severity (CVSS 5.3) and stems from a missing capability (authorization) check on a plugin function....
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Critical risk has been identified in the WordPress Upload Files Anywhere plugin (slug: wp-upload-files-anywhere) affecting versions up to and including 2.8. This issue is tracked as CVE-2025-69379 with a CVSS 9.1 score...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors The WordPress Upload Files Anywhere plugin (slug: wp-upload-files-anywhere) is affected by a High-severity vulnerability (CVSS 7.5) identified as CVE-2025-69380. The issue allows unauthenticated attackers to exploit a path traversal weakness to download...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-69381 is a Medium severity (CVSS 4.3) missing-authorization issue affecting the WooCommerce Bulk Product Editor WordPress plugin (slug: woocommerce-quick-product-editor) in versions up to, and including, 3.0. The risk comes from the fact that...
Recent Comments