by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-1557 is a High-severity vulnerability (CVSS 7.5; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) affecting the WP Responsive Images WordPress plugin (wp-responsive-images) in all versions up to and including 1.0. The issue is exploitable without...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-2498 affects the WP Social Meta WordPress plugin (slug: wp-social-meta) in versions <= 1.0.1. It is a Medium severity issue (CVSS 4.4, vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N). The attack requires an authenticated user with...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Medium severity advisory (CVSS 4.4): CVE-2026-2499 affects the Custom Logo WordPress plugin (custom-logo) in versions <= 2.2. The issue is a stored cross-site scripting (XSS) risk tied to the plugin’s logo path setting in the WordPress admin. According to the...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors EM Cost Calculator (slug: cost-calculator) has a Medium-severity issue (CVSS 6.1, CVE-2026-2506) that can be triggered by an unauthenticated attacker over the internet. The attacker’s goal is to submit a malicious value into the plugin’s customer_name...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors The Related Videos for JW Player WordPress plugin (slug: related-videos-for-jw-player) is affected by a Medium severity issue (CVSS 6.1) tracked as CVE-2025-32516. This is a reflected cross-site scripting (XSS) vulnerability in versions up to and...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-2694 is a Medium-severity vulnerability (CVSS 5.4; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) affecting the The Events Calendar WordPress plugin (the-events-calendar) in versions up to and including 6.15.16. The issue can be exploited...
Recent Comments