by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The Ravelry Designs Widget WordPress plugin (slug: ravelry-designs-widget) has a Medium severity vulnerability (CVSS 6.4) identified as CVE-2026-1903. This issue affects all versions up to and including 1.0.0. The attack requires an authenticated...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors UpMenu – Online ordering for restaurants (slug: upmenu) has a Medium-severity vulnerability (CVSS 6.4, CVE-2026-1910) that can be exploited by an authenticated WordPress user with Contributor-level access or higher. The issue is a stored cross-site...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The WordPress plugin midi-Synth (slug: midi-synth) is affected by a Critical vulnerability (CVSS 9.8, CVE-2026-1306) in versions up to and including 1.1.0. The issue is tied to the plugin’s ‘export’ AJAX action, which can be reached by...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0736 affects the Chatbot for WordPress by Collect.chat ⚡️ plugin (slug: collectchat) in versions up to and including 2.4.8. The reported severity is Medium (CVSS 6.4). The risk comes from an attacker who already has an authenticated WordPress...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Geo Widget (slug: geowidget) versions up to and including 1.0 are affected by CVE-2026-1792, rated Medium severity (CVSS 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Based on the published details, an unauthenticated attacker can attempt...
Recent Comments