by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2025-68002 is a Medium-severity vulnerability (CVSS 6.5) affecting the Open User Map WordPress plugin (slug: open-user-map) in versions up to and including 1.4.16. The issue can be exploited by an authenticated user with Subscriber-level access or...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-22384 affects the Applay – Shortcodes WordPress plugin (slug: applay-shortcodes) in versions up to and including 3.7. It is rated High severity with a CVSS 7.5 score (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). The most likely entry...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2025-69337 is a High-severity (CVSS 7.5) vulnerability affecting the Wolmart Core WordPress plugin (wolmart-core) in versions up to and including 1.9.6. The issue is an unauthenticated SQL Injection, meaning an attacker can target the site over the...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors The vulnerability (CVE-2026-3075) affects the WordPress plugin Simple Ajax Chat – Add a Fast, Secure Chat Box (slug: simple-ajax-chat) and is rated Medium severity (CVSS 5.3; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Because it is...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-23549 is a High-severity issue (CVSS 8.1, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting WpEvently (Event Booking Manager for WooCommerce) (plugin slug: mage-eventpress) up to and including version 5.1.1. The vulnerability can...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-25385 is a medium-severity Server-Side Request Forgery (SSRF) vulnerability (CVSS 6.4) affecting the URL Shortify – Simple and Easy URL Shortener WordPress plugin (url-shortify) in versions up to and including 1.12.3. An attacker must be...
Recent Comments