by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (slug: custom-registration-form-builder-with-submission-manager) has a Medium severity vulnerability (CVSS 5.3, CVE-2025-14444) that can be exploited remotely and...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Blog2Social: Social Media Auto Post & Scheduler (slug: blog2social) versions 8.7.4 and earlier contain a Medium severity authorization flaw (CVSS 6.5; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) tracked as CVE-2026-1942. The primary attack path is...
by Ivan Sorkin | Feb 18, 2026 | Plugins
Attack Vectors Medium severity (CVSS 6.4) vulnerability CVE-2025-11185 affects the WordPress plugin Complianz – GDPR/CCPA Cookie Consent (slug: complianz-gdpr) in versions up to and including 7.4.3. The issue is an authenticated stored cross-site scripting (XSS) flaw...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-2126 affects the WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End (slug: user-submitted-posts) in versions up to and including 20260113, with a Medium severity (CVSS 5.3). The issue can be abused over the...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-13727 is a Medium-severity Stored Cross-Site Scripting (XSS) issue in Video Share VOD – Turnkey Video Site Builder Script (slug: video-share-vod) affecting versions up to 2.7.11. The attacker must already be authenticated with Editor-level...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors WPNakama – Team and multi-Client Collaboration, Editorial and Project Management (slug: wpnakama) has a High severity vulnerability (CVSS 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) identified as CVE-2026-2495. The issue can be triggered through...
Recent Comments