by Ivan Sorkin | Feb 16, 2026 | Plugins
Attack Vectors WowRevenue – Product Bundles & Bulk Discounts (slug: revenue) is affected by a High-severity vulnerability (CVE-2026-2001, CVSS 8.8) that can be exploited by an authenticated user with Subscriber-level access or higher. In practical terms, this...
by Ivan Sorkin | Feb 15, 2026 | Plugins
Attack Vectors FPW Category Thumbnails (slug: fpw-category-thumbnails) has a Medium-severity vulnerability (CVE-2025-31841, CVSS 4.3) affecting versions 1.9.5 and earlier. The issue is described as a missing authorization (capability) check on a plugin function. From...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors CVE-2026-1793 affects the WordPress plugin Element Pack Addons for Elementor (slug: bdthemes-element-pack-lite) in versions up to and including 8.3.17. The vulnerability is rated Medium severity (CVSS 6.5), and it can be exploited remotely over the...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors Ecwid by Lightspeed Ecommerce Shopping Cart (WordPress plugin slug: ecwid-shopping-cart) is affected by a High-severity privilege escalation vulnerability (CVSS 8.8) tracked as CVE-2026-1750. The issue applies to versions up to and including 7.0.7. The...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors Product: Spam protection, Honeypot, Anti-Spam by CleanTalk (cleantalk-spam-protect) Vulnerability: CVE-2026-1490 — Authorization bypass via reverse DNS (PTR record) spoofing leading to unauthenticated arbitrary plugin installation Severity: Critical...
Recent Comments