by Ivan Sorkin | Feb 21, 2026 | Plugins
Attack Vectors This Medium-severity vulnerability (CVE-2026-1787, CVSS 4.8) affects the LearnPress – Backup & Migration Tool WordPress plugin (slug: learnpress-import-export) in versions up to and including 4.1.0. The issue can be exploited remotely over the...
by Ivan Sorkin | Feb 21, 2026 | Plugins
Attack Vectors CVE-2025-15041 affects the BackWPup – WordPress Backup & Restore Plugin (slug: backwpup) in versions 5.0.0 through 5.6.2 and is rated High severity (CVSS 7.2, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The primary attack path requires an...
by Ivan Sorkin | Feb 21, 2026 | Plugins
Attack Vectors CVE-2025-14339 is a Medium severity vulnerability (CVSS 6.5) affecting the WordPress plugin weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins (slug: wemail) in versions up to and including 2.0.7. It allows...
by Ivan Sorkin | Feb 20, 2026 | Plugins
Attack Vectors CVE-2026-2486 (Medium severity, CVSS 6.4) affects the WordPress plugin Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations (slug: master-addons) in versions up to and including 2.1.1. The issue is an...
by Ivan Sorkin | Feb 19, 2026 | Plugins
Attack Vectors The vulnerability affects the Quiz Maker WordPress plugin (slug: quiz-maker) in versions up to and including 6.7.1.7. It is a Medium-severity issue (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) identified as CVE-2026-2384. An attacker must...
by Ivan Sorkin | Feb 19, 2026 | Plugins
Attack Vectors CVE-2026-1581 is a High severity vulnerability affecting the wpForo Forum WordPress plugin (slug: wpforo) in versions up to and including 2.4.14. It enables an unauthenticated time-based SQL injection using the wpfob parameter, meaning an attacker can...
Recent Comments