by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Razorpay for WooCommerce (slug: woo-razorpay) versions 4.7.8 and earlier have a Medium-severity issue (CVE-2025-14294, CVSS 5.3) that can be exploited over the internet without a user account. An unauthenticated attacker who can know or guess a...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Lizza LMS Pro (WordPress plugin slug: lizza-lms-pro) is affected by a Critical unauthenticated privilege escalation vulnerability (CVE-2025-13563, CVSS 9.8). In practical terms, an attacker can target the site’s public-facing user registration flow—no...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: The PostmarkApp Email Integrator plugin (slug: postmarkapp-email-integrator) is affected by a Medium-severity vulnerability (CVSS 4.4) identified as CVE-2026-1043. It is a Stored Cross-Site Scripting (XSS) issue that can be exploited through the...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: CVE-2026-0974 is a High-severity vulnerability (CVSS 8.8) affecting Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin (slug: orderable) in versions up to and including 1.20.0. The core risk is that an attacker only needs a...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: CVE-2025-13864 affects the Breeze – WordPress Cache Plugin (slug: breeze) in versions 2.2.21 and below with a Medium severity (CVSS 5.3). The issue can be exploited remotely over the internet when a site administrator has enabled Breeze’s API...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors: Breadcrumb NavXT (slug: breadcrumb-navxt) has a Medium severity vulnerability (CVSS 5.3, CVE-2025-13842) that can be exploited remotely by unauthenticated attackers. The issue stems from the plugin’s Gutenberg block renderer trusting a user-supplied...