by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors SiteOrigin Widgets Bundle (slug: so-widgets-bundle) versions 1.70.4 and earlier have a Medium severity issue (CVSS 5.4) that can be abused by someone who already has a login on your site. The risk is specifically tied to authenticated users—including...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1649 affects the WordPress plugin Community Events (slug: community-events) in versions 1.5.7 and earlier. It is a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 4.4) that requires an attacker to already be authenticated with...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1941 affects the WordPress plugin “WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar” (slug: wp-event-aggregator) in versions up to and including 1.8.7. It is rated Medium...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1656 affects Business Directory Plugin – Easy Listing Directories for WordPress (slug: business-directory-plugin) in versions up to and including 6.4.20. Rated Medium severity (CVSS 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N),...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-1655 is a Medium-severity issue (CVSS 4.3) affecting EventPrime – Events Calendar, Bookings and Tickets (slug: eventprime-event-calendar-management) in versions up to 4.2.8.4. An attacker must be authenticated (Subscriber/Customer level or...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-2419 affects the WP-DownloadManager WordPress plugin (slug: wp-downloadmanager) in versions 1.69 and earlier. This is a Low severity issue (CVSS 2.7) that requires an authenticated user with Administrator-level access (or higher) to exploit....
Recent Comments