by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Bayarcash WooCommerce (WordPress plugin slug: bayarcash-wc) is affected by a Medium severity missing authorization issue (CVE: CVE-2026-24606, CVSS 5.3). In versions up to and including 4.3.12, a function lacks a required capability check, which can...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Link Hopper (slug: link-hopper) has a Medium severity vulnerability (CVSS 4.4) identified as CVE-2025-15483. The issue is a Stored Cross-Site Scripting (XSS) weakness that can be triggered through the “hop_name” parameter in Link Hopper versions 2.5 and...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The Ravelry Designs Widget WordPress plugin (slug: ravelry-designs-widget) has a Medium severity vulnerability (CVSS 6.4) identified as CVE-2026-1903. This issue affects all versions up to and including 1.0.0. The attack requires an authenticated...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors UpMenu – Online ordering for restaurants (slug: upmenu) has a Medium-severity vulnerability (CVSS 6.4, CVE-2026-1910) that can be exploited by an authenticated WordPress user with Contributor-level access or higher. The issue is a stored cross-site...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The WordPress plugin midi-Synth (slug: midi-synth) is affected by a Critical vulnerability (CVSS 9.8, CVE-2026-1306) in versions up to and including 1.1.0. The issue is tied to the plugin’s ‘export’ AJAX action, which can be reached by...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0736 affects the Chatbot for WordPress by Collect.chat ⚡️ plugin (slug: collectchat) in versions up to and including 2.4.8. The reported severity is Medium (CVSS 6.4). The risk comes from an attacker who already has an authenticated WordPress...
Recent Comments