by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The Slidorion WordPress plugin (slug: slidorion) is affected by a Medium-severity vulnerability (CVE-2026-2282, CVSS 4.4) in versions 1.0.2 and below. The issue is an authenticated Stored Cross-Site Scripting (XSS) risk that occurs through Slidorion’s...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Advance Block Extend (slug: advance-block-extend) versions 1.0.4 and earlier are affected by CVE-2026-1646, a Medium severity issue (CVSS 6.4). The vulnerability enables stored cross-site scripting (XSS) through the TitleColor block attribute in the...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Product: News Element Elementor Blog Magazine (slug: news-element) Severity: Medium (CVSS 5.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) | CVE: CVE-2026-2284 This issue can be exploited by an attacker who already has a valid login on your WordPress...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Toret Manager (slug: toret-manager) versions up to and including 1.2.7 contain a High severity vulnerability (CVSS 8.8, CVE-2026-0912) that can be exploited by an authenticated user with Subscriber-level access or higher. This means an attacker does not...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Prodigy Commerce (WordPress plugin slug: prodigy-commerce) has a Critical vulnerability (CVE-2026-0926, CVSS 9.8) affecting all versions up to and including 3.2.9. The issue is an unauthenticated Local File Inclusion (LFI) vulnerability triggered...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Whatsiplus Scheduled Notification for Woocommerce (slug: whatsiplus-scheduled-notification-for-woocommerce) is affected by a Medium-severity vulnerability (CVSS 4.3) tracked as CVE-2026-1455. The issue is a Cross-Site Request Forgery (CSRF) in the...
Recent Comments