by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: Category Image (slug: category-image) has a Medium severity vulnerability (CVE-2026-0815) that allows authenticated users with Editor-level access or higher to inject malicious scripts into your WordPress site using the ‘tag-image’...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: Microtango (slug: microtango) versions 0.9.29 and below are affected by a Medium-severity vulnerability (CVSS 6.4) identified as CVE-2026-1821. The issue is an authenticated Stored Cross-Site Scripting (XSS) weakness that can be triggered through...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: Twitter posts to Blog (slug: twitter-posts-to-blog) versions up to and including 1.11.25 are affected by a Medium-severity authorization issue (CVSS 6.5, CVE-2026-1786). The issue allows unauthenticated attackers—meaning they do not need a valid...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: CVE-2026-25024 is a Medium severity Cross-Site Request Forgery (CSRF) issue affecting the WordPress plugin ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (slug: thirstyaffiliates) in versions up to and including...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: The WordPress plugin Run Contests, Raffles, and Giveaways with ContestsWP (slug: contest-code-checker) is affected by an unauthenticated information exposure vulnerability in versions up to and including 2.0.7 (CVE-2026-25023). Because no login is...