by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25378 is a Medium-severity SQL Injection vulnerability (CVSS 4.9) affecting Nelio A/B Testing – AB Tests and Heatmaps for Better Conversion Optimization (slug: nelio-ab-testing) versions up to and including 8.2.4. The attack requires an...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Aruba HiSpeed Cache (WordPress plugin) versions up to and including 3.0.4 are affected by CVE-2026-23545, a Medium-severity issue (CVSS 5.3). The primary exposure is that an unauthenticated attacker can reach a vulnerable plugin function over the...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-1368 affects the Video Conferencing with Zoom WordPress plugin (slug: video-conferencing-with-zoom-api) and is rated Medium severity (CVSS 5.3; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Because the issue can be exploited over the network...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25384 is a Medium-severity missing authorization issue (CVSS 5.3) affecting WP-Lister Lite for eBay (slug: wp-lister-for-ebay) in versions up to and including 3.8.5. The vulnerability stems from a missing capability check on a plugin function,...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25386 is a medium-severity (CVSS 5.3) missing authorization issue in the Ally – Web Accessibility & Usability WordPress plugin (slug: pojo-accessibility) affecting versions up to and including 4.0.2. Because the vulnerable function lacks a...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25387 affects the Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin (slug: image-optimization), also known as Image Optimizer by Elementor, in versions up to and including 1.7.1. The severity is rated Medium (CVSS 4.3). This...
Recent Comments