by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Severity: Medium (CVSS 5.3). The WordPress plugin Alt Text AI – Automatically generate image alt text for SEO and accessibility (also referred to as Download Alt Text AI) is affected in versions up to and including 1.10.15 by CVE-2026-25348 (CVE...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Gallery by FooGallery (plugin slug: foogallery) is affected by a Medium-severity vulnerability (CVSS 6.4) tracked as CVE-2026-25362. The issue impacts versions up to and including 3.1.11. This is an authenticated, Author+ stored cross-site scripting...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress (slug: sprout-invoices) is affected by CVE-2026-25364, rated Medium severity (CVSS 5.3). According to the published advisory, versions up to and including 20.8.8 may allow...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors CVE-2026-25363 affects the WordPress plugin Gallery by FooGallery (slug: foogallery) up to and including version 3.1.11. The issue is categorized as Medium severity (CVSS 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N), meaning it can be...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors SureForms – Contact Form, Payment Form & Other Custom Form Builder (slug: sureforms) versions <= 2.2.1 are affected by a Medium-severity missing authorization issue (CVSS 5.3). Because the weakness can be triggered by an unauthenticated user (no...
by Ivan Sorkin | Feb 24, 2026 | Plugins
Attack Vectors Product affected: Link Whisper Free (WordPress plugin, slug: link-whisper) versions up to and including 0.9.0. This is a Medium severity vulnerability (CVSS 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) tracked as CVE-2026-22357 (CVE...
Recent Comments