by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Truelysell Core (WordPress plugin slug: truelysell-core) has a Critical vulnerability (CVSS 9.8) that can be exploited without authentication. In practical terms, an attacker can target the site’s public-facing registration flow and attempt to create a...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more (slug: mail-mint) has a Medium-severity vulnerability (CVE-2026-1258, CVSS 4.9) affecting versions up to and including 1.19.2. This issue is an...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-1254 is a Medium severity issue (CVSS 4.3) affecting the WordPress plugin Modula Image Gallery – Photo Grid & Video Gallery (slug: modula-best-grid-gallery) in versions 2.13.6 and earlier. The weakness can be abused through the plugin’s...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-1843 is a High severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Super Page Cache WordPress plugin (slug: wp-cloudflare-page-cache) in versions 5.2.2 and earlier. The issue is reachable over the network and does not require...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0550 is a Medium-severity vulnerability (CVSS 6.4) affecting the WordPress plugin myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program (slug: mycred) in versions up to and including 2.9.7.3. The issue can be...
Recent Comments