by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-14342 affects the WordPress plugin SEO Plugin by Squirrly SEO (slug: squirrly-seo) in versions up to and including 12.4.14. It is rated Medium severity (CVSS 4.3), and the reported risk comes from the fact that an attacker only needs an...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-13930 affects the WordPress plugin Checkout Field Manager (Checkout Manager) for WooCommerce (slug: woocommerce-checkout-manager) in versions up to and including 7.8.5. The issue is rated Medium severity (CVSS 5.3). An unauthenticated attacker...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The vulnerability in OneClick Chat to Order (slug: oneclick-whatsapp-order) affects versions up to and including 1.0.9 and is rated Low severity (CVSS 2.7, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). It can be exploited by an authenticated user who...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The Tennis Court Bookings WordPress plugin (slug: tennis-court-bookings) is affected by an authenticated stored cross-site scripting (XSS) issue rated Medium severity (CVSS 4.4; CVE-2026-1044). An attacker would need administrator-level (or higher)...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The WordPress plugin xmlrpc attacks blocker (slug: xmlrpc-attacks-blocker) is affected by a Medium-severity issue (CVSS 6.1) identified as CVE-2026-2502. The attack can be launched remotely by an unauthenticated party over the internet. The weakness...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The salavat counter Plugin (slug: salavat-counter) has a Medium-severity vulnerability (CVE-2026-1047, CVSS 4.4) that requires an attacker to already be authenticated with Administrator-level access or higher. In practical terms, this is most relevant...
Recent Comments