by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors CVE-2025-68514 is a Medium severity vulnerability (CVSS 4.3) affecting the WordPress plugin Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction (slug: paid-member-subscriptions) in versions up to and...
by Ivan Sorkin | Feb 17, 2026 | Plugins
Attack Vectors Bravis Addons (WordPress plugin slug: bravis-addons) has a High-severity vulnerability (CVSS 8.8) that can be triggered by an attacker who already has a login on your site at the Subscriber level or higher. In practical business terms, this is most...
by Ivan Sorkin | Feb 16, 2026 | Plugins
Attack Vectors WowRevenue – Product Bundles & Bulk Discounts (slug: revenue) is affected by a High-severity vulnerability (CVE-2026-2001, CVSS 8.8) that can be exploited by an authenticated user with Subscriber-level access or higher. In practical terms, this...
by Ivan Sorkin | Feb 15, 2026 | Plugins
Attack Vectors FPW Category Thumbnails (slug: fpw-category-thumbnails) has a Medium-severity vulnerability (CVE-2025-31841, CVSS 4.3) affecting versions 1.9.5 and earlier. The issue is described as a missing authorization (capability) check on a plugin function. From...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors CVE-2026-1793 affects the WordPress plugin Element Pack Addons for Elementor (slug: bdthemes-element-pack-lite) in versions up to and including 8.3.17. The vulnerability is rated Medium severity (CVSS 6.5), and it can be exploited remotely over the...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors Ecwid by Lightspeed Ecommerce Shopping Cart (WordPress plugin slug: ecwid-shopping-cart) is affected by a High-severity privilege escalation vulnerability (CVSS 8.8) tracked as CVE-2026-1750. The issue applies to versions up to and including 7.0.7. The...
Recent Comments