by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The vulnerability affects the WordPress plugin Sudoku Shortcode (slug: sudoku-shortcode) in versions up to and including 1.0.0, and is rated Medium severity (CVSS 6.4). It involves a stored cross-site scripting (XSS) issue through the background...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The WordPress plugin iONE360 configurator (slug: ione360-configurator) has a High severity vulnerability (CVSS 7.2, CVE-2025-15440) that can be exploited by unauthenticated attackers over the network. This means an attacker does not need a user account...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors This medium-severity vulnerability (CVSS 6.4) affects the WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce (slug: wpos-lite-version) in versions up to and including 3.0. The issue is an authenticated stored cross-site scripting (XSS)...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-1809 affects the WordPress plugin HTML Shortcodes (slug: html-shortcodes) in versions up to and including 1.1. This is a Medium severity issue (CVSS 6.4) that allows an authenticated user with Contributor-level access or higher to place...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The WaMate Confirm – Order Confirmation WordPress plugin (slug: wamate-confirm) is affected by a Medium severity authorization issue (CVE-2026-1833, CVSS 5.3). The core risk is that an authenticated user who should not have operational control...
Recent Comments