by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Country Blocker for AdSense (WordPress plugin slug: country-blocker-for-adsense) has a Medium severity vulnerability (CVSS 4.3) tracked as CVE-2025-13413. The issue is a Cross-Site Request Forgery (CSRF) that can allow an attacker to change the plugin’s...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Product: Page Title, Description & Open Graph Updater (slug: page-title-description-open-graph-updater) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) issue (CVE-2025-13438, CVSS 4.3). An attacker does not need to log in to your...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Easy Table of Contents (slug: easy-table-of-contents) is affected by a Medium-severity stored cross-site scripting (XSS) vulnerability (CVE-2025-13738, CVSS 6.4) in versions up to and including 2.0.78. The issue is tied to the plugin’s ez-toc shortcode,...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (slug: s2member) has a Medium severity vulnerability (CVSS 6.4) identified as CVE-2025-13732. It is a Stored...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors The vulnerability in Album and Image Gallery Plus Lightbox (slug: album-and-image-gallery-plus-lightbox) affects WordPress sites running plugin versions 2.1.7 and earlier. It is a Medium severity issue (CVSS 6.4) identified as CVE-2025-13612. An...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Apollo13 Framework Extensions (slug: apollo13-framework-extensions) versions 1.9.8 and below are affected by a Medium-severity vulnerability (CVE-2025-13617, CVSS 6.4) that allows Stored Cross-Site Scripting (XSS) by abusing the a13_alt_link parameter....
Recent Comments