by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Miraculous Elementor (slug: miraculous-el) versions 2.0.7 and below contain a High-severity privilege escalation issue (CVSS 8.8) tracked as CVE-2025-67998. This vulnerability can be exploited by an attacker who already has a valid WordPress account...
by Ivan Sorkin | Feb 17, 2026 | Themes
Attack Vectors The vulnerability CVE-2025-69329 affects the Prestige WordPress theme (slug: prestige) in versions up to 1.4.1. It is rated High severity (CVSS 8.1). This issue is described as an unauthenticated PHP Object Injection, meaning an attacker does not need a...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-68526 is a High severity vulnerability (CVSS 7.5) affecting the WordPress plugin Modal Popup Box: A Flexible Pop Up Box Builder (slug: modal-popup-box) in versions 1.6.1 and earlier. The issue is a PHP Object Injection risk caused by...
by Ivan Sorkin | Feb 17, 2026 | Themes
Attack Vectors Prestige (WordPress theme, slug: prestige) is affected by a Medium-severity vulnerability (CVSS 6.1) tracked as CVE-2025-69330. This is a reflected cross-site scripting (XSS) issue in versions up to 1.4.1. The most common business-facing attack path is...
by Ivan Sorkin | Feb 17, 2026 | Themes
Attack Vectors Exzo (Electronics eCommerce WordPress WooCommerce Theme) versions up to and including 1.2.4 are affected by CVE-2025-69393, a Medium severity issue (CVSS 5.3) involving missing authorization. In practical terms, this means an attacker can reach at least...
Recent Comments