by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0572 is a Medium severity vulnerability (CVSS 6.5) affecting the WebPurify Profanity Filter WordPress plugin (slug: webpurifytextreplace) in versions 4.0.2 and earlier. The issue allows an unauthenticated attacker to change plugin settings over...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Product: Starfish Review Generation & Marketing for WordPress (slug: starfish-reviews) Vulnerability: CVE-2025-15157 (Severity: High, CVSS 8.8; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) This issue affects Starfish Review Generation &...
by Ivan Sorkin | Feb 12, 2026 | Themes
Attack Vectors High severity vulnerability (CVSS 8.8) reported as CVE-2025-6990 affects the KALLYAS – Creative eCommerce Multi-Purpose WordPress Theme (slug: kallyas-2) in versions up to and including 4.24.0. The issue enables authenticated Remote Code Execution...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors Related Videos for JW Player (WordPress plugin slug: related-videos-for-jw-player) is affected by a Medium-severity vulnerability (CVE-2025-32516, CVSS 6.1) involving reflected cross-site scripting (XSS). In practical terms, an external attacker can...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2023-47517 is a Medium-severity reflected cross-site scripting (XSS) issue in the SendPress Newsletters WordPress plugin (slug: sendpress) affecting versions up to and including 1.23.11.6. An unauthenticated attacker can attempt to inject malicious...
Recent Comments