by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2025-47557 is a Medium severity stored cross-site scripting (XSS) issue (CVSS 6.4) affecting the MapSVG WordPress plugin (slug: mapsvg) in versions up to and including 8.5.31. The vulnerability can be exploited by an authenticated user with...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2025-31922 affects the CSS3 Accordions for WordPress plugin (slug: css3_accordions) in all versions up to and including 3.0. This is a Medium-severity issue (CVSS 6.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). The attack path typically starts...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2025-32306 is a Medium-severity SQL Injection vulnerability (CVSS 6.5) affecting the Radio Player Shoutcast & Icecast WordPress Plugin (slug: audio4-html5) in versions 4.4.6 and earlier. The attack requires an attacker to be authenticated with...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-24543 is a Medium-severity (CVSS 4.3) missing authorization issue affecting the Materialis Companion WordPress plugin (slug: materialis-companion) in versions up to and including 1.3.52. Because the vulnerable function lacks a proper capability...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2026-24553 is a Medium-severity information exposure issue (CVSS 4.3) affecting the Fraud Prevention For WooCommerce and EDD WordPress plugin (slug: woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers) in versions up to and including...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2024-43257 is a medium-severity sensitive information exposure issue (CVSS 4.3) affecting Leopard – WordPress Offload Media (slug: leopard-wordpress-offload-media) in versions up to and including 2.0.36. The key business concern is that the...
Recent Comments