by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2026-24955 is a Medium severity reflected cross-site scripting (XSS) issue affecting the Whizz Plugins WordPress plugin (slug: whizz-plugins) in versions up to and including 1.9 (CVSS 6.1). The risk starts when an attacker can get someone to click a...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Miraculous Elementor (slug: miraculous-el) versions 2.0.7 and below contain a High-severity privilege escalation issue (CVSS 8.8) tracked as CVE-2025-67998. This vulnerability can be exploited by an attacker who already has a valid WordPress account...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-68526 is a High severity vulnerability (CVSS 7.5) affecting the WordPress plugin Modal Popup Box: A Flexible Pop Up Box Builder (slug: modal-popup-box) in versions 1.6.1 and earlier. The issue is a PHP Object Injection risk caused by...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors The WordPress plugin New User Approve (slug: new-user-approve) has a Medium-severity vulnerability (CVSS 5.3) tracked as CVE-2025-69063. The issue affects all versions up to and including 3.2.0. Because the vulnerability can be exploited by...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors The WordPress plugin Cnvrse (slug: cnvrse) is affected by a Medium-severity issue (CVSS 5.3) tracked as CVE-2025-69394. This vulnerability can be exploited remotely over the internet and does not require an attacker to be logged in. Because the weakness...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-69401 is a Medium-severity (CVSS 5.3) vulnerability affecting the WordPress plugin WooODT Lite – Delivery & pickup date time location for WooCommerce (slug: byconsole-woo-order-delivery-time) in versions up to and including 2.5.2. The issue...
Recent Comments