by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors WP Plugin Info Card (slug: wp-plugin-info-card) versions 6.2.0 and below are affected by a medium-severity Cross-Site Request Forgery (CSRF) issue (CVE: CVE-2026-2023, CVSS 4.3). The most likely attack path is social engineering: an attacker persuades a...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors VK All in One Expansion Unit (slug: vk-all-in-one-expansion-unit) has a Medium severity stored cross-site scripting (XSS) vulnerability (CVE-2025-11737) affecting versions up to and including 9.112.3. The issue can be exploited by an authenticated...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-12356 is a Medium-severity authorization issue affecting Tickera – Sell Tickets & Manage Events (slug: tickera-event-ticketing-system) in versions up to 3.5.6.4. It involves a WordPress AJAX function (wp_ajax_change_ticket_status) that can...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-12122 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting Popup Box – Easily Create WordPress Popups (slug: popup-box) in versions 3.2.12 and earlier. The primary attack path is through the plugin’s iframeBox shortcode. An...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Frontend User Notes (slug: frontend-user-notes) has a Medium severity vulnerability (CVSS 4.3) affecting versions 2.1.0 and earlier. It involves an Insecure Direct Object Reference (IDOR) in the funp_ajax_modify_notes AJAX endpoint (CVE:...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Order Splitter for WooCommerce (slug: woo-order-splitter) is affected by a Medium-severity vulnerability (CVSS 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) tracked as CVE-2025-12075. The issue can be exploited by an attacker who already has a...
Recent Comments