by Ivan Sorkin | Feb 14, 2026 | Themes
Attack Vectors Critical severity (CVSS 9.8) vulnerability CVE-2025-32595 affects the Krowd – Crowdfunding & Charity WordPress Theme (slug: krowd) in versions up to and including 1.4.1. This issue is described as an Unauthenticated Local File Inclusion (LFI),...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors The WordPress plugin Media Library Folders (slug: media-library-plus) is affected by a Medium-severity issue (CVE-2026-2312, CVSS 4.3). The vulnerability can be triggered over the network by an authenticated user with Author-level access or higher,...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors MapSVG (slug: mapsvg) has a Medium severity vulnerability (CVSS 6.5) identified as CVE-2025-47562 that allows unauthenticated arbitrary shortcode execution in versions up to and including 8.5.34. Because no login is required, an external attacker can...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors CVE-2026-1512 affects the WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets (slug: essential-addons-for-elementor-lite) in versions up to and including 6.5.9. It is rated Medium severity (CVSS 6.4). The attack...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-1249 is a Medium severity Server-Side Request Forgery (SSRF) issue (CVSS 5.0) affecting the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar (slug: mp3-music-player-by-sonaar) in versions 5.3 through 5.10....
Recent Comments