by Ivan Sorkin | Apr 15, 2026 | Plugins
TS Poll – Survey, Versus Poll, Image Poll, Video Poll (WordPress plugin slug: poll-wp) has a Medium-severity missing authorization issue tracked as CVE-2025-68588. According to the public advisory, versions up to and including 2.5.5 lack a required capability check on...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors: The WooReports — Advanced Reporting for WooCommerce (slug: wc-reports-lite) plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-62957) in versions up to and including 1.0.0. The reported severity is Medium (CVSS 4.3). This...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors: CVE-2025-63050 is a Medium-severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) vulnerability affecting the reHub Framework WordPress plugin (slug: rehub-framework) in versions before 19.9.9.7. The attack requires an authenticated WordPress user with...
by Ivan Sorkin | Apr 15, 2026 | Plugins
Attack Vectors: Tapfiliate (WordPress plugin) versions up to and including 3.2.2 are affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVE-2025-58689, CVSS 6.4). An attacker must be authenticated and have at least Contributor-level access (or...
by Ivan Sorkin | Apr 15, 2026 | Uncategorized
Attack Vectors: Custom 404 Pro (slug: custom-404-pro) is affected by CVE-2025-62880, a Medium-severity Cross-Site Request Forgery (CSRF) issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). This type of vulnerability is typically exploited through...