by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Critical risk: CVE-2025-12882 affects the WordPress plugin Clasifico Listing (slug: clasifico-listing) in versions up to, and including, 2.0, with a CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The primary attack path is...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-13048 affects the WordPress plugin StatCounter – Free Real Time Visitor Stats (slug: official-statcounter-plugin-for-wordpress) in versions up to and including 2.1.0. It is a Medium severity issue (CVSS 6.4). The attack requires an...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-13079 affects the WordPress plugin Popup Builder – Create highly converting, mobile friendly marketing popups. (slug: popup-builder) in versions up to and including 4.4.2. The severity is Medium (CVSS 5.3). The primary attack path is an...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-12448 is a Medium severity issue (CVSS 6.4) affecting the WordPress plugin Smartsupp – live chat, AI shopping assistant and chatbots (smartsupp-live-chat) in versions up to 3.9.1. It is an authenticated (Subscriber+) Stored Cross-Site Scripting...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Easy SVG Support (slug: easy-svg) is affected by a Medium-severity vulnerability (CVSS 6.1) that allows stored cross-site scripting (XSS) through SVG file uploads in versions up to and including 4.0. The primary attack path is through a user account...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors CVE-2025-12375 is a Medium-severity Server-Side Request Forgery (SSRF) issue (CVSS 6.4) affecting the Printful Integration for WooCommerce plugin (slug: printful-shipping-for-woocommerce) in versions 2.2.11 and earlier. The attack requires an...
Recent Comments