by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors The medium-severity vulnerability (CVSS 5.3) in YayCurrency – WooCommerce Multi-Currency Switcher (slug: yaycurrency) affects all versions up to and including 3.3 and can be exploited remotely over the internet. Because the issue allows unauthenticated...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment (WordPress plugin slug: booking-and-rental-manager-for-woocommerce) has a High severity vulnerability (CVE-2025-69328, CVSS 7.5) affecting versions up to and including...
by Ivan Sorkin | Feb 17, 2026 | Themes
Attack Vectors CVE-2025-67995 affects the PatioTime – Restaurant WordPress Theme (slug: patiotime) in versions below 2.1 and is rated High severity (CVSS 8.1). The issue is an unauthenticated PHP Object Injection risk triggered when untrusted input is...
by Ivan Sorkin | Feb 17, 2026 | Themes
Attack Vectors Travelicious – Tour Operator WordPress Theme (slug: travelicious) versions earlier than 1.6.7 are affected by CVE-2025-67997, a High severity issue (CVSS 8.1). The risk is notable because the vulnerability can be reached by unauthenticated...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-24955 is a Medium severity reflected cross-site scripting (XSS) issue affecting the Whizz Plugins WordPress plugin (slug: whizz-plugins) in versions up to and including 1.9 (CVSS 6.1). The risk starts when an attacker can get someone to click a...
Recent Comments