by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors
Product: Spam protection, Honeypot, Anti-Spam by CleanTalk (cleantalk-spam-protect)
Vulnerability: CVE-2026-1490 — Authorization bypass via reverse DNS (PTR record) spoofing leading to unauthenticated arbitrary plugin installation
Severity: Critical...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors
The WordPress plugin Media Library Folders (slug: media-library-plus) is affected by a Medium-severity issue (CVE-2026-2312, CVSS 4.3). The vulnerability can be triggered over the network by an authenticated user with Author-level access or higher,...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors
MapSVG (slug: mapsvg) has a Medium severity vulnerability (CVSS 6.5) identified as CVE-2025-47562 that allows unauthenticated arbitrary shortcode execution in versions up to and including 8.5.34. Because no login is required, an external attacker can...
by Ivan Sorkin | Feb 14, 2026 | Plugins
Attack Vectors
CVE-2026-1512 affects the WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets (slug: essential-addons-for-elementor-lite) in versions up to and including 6.5.9. It is rated Medium severity (CVSS 6.4). The attack...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors
CVE-2026-1249 is a Medium severity Server-Side Request Forgery (SSRF) issue (CVSS 5.0) affecting the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar (slug: mp3-music-player-by-sonaar) in versions 5.3 through 5.10....
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors
Truelysell Core (WordPress plugin slug: truelysell-core) has a Critical vulnerability (CVSS 9.8) that can be exploited without authentication. In practical terms, an attacker can target the site’s public-facing registration flow and attempt to create a...