by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors: The WordPress plugin Address Bar Ads (versions up to and including 1.0.0) is affected by a Medium-severity vulnerability (CVE-2026-1795, CVSS 6.1) that enables reflected cross-site scripting (XSS) through the URL path. In practical terms, an...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors: The vulnerability CVE-2026-1901 affects the QuestionPro Surveys WordPress plugin (slug: questionpro-surveys) in versions up to and including 1.0 and is rated Medium severity (CVSS 6.4). It is a stored cross-site scripting issue that occurs through...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors: StyleBidet (slug: stylebidet) versions up to and including 1.0.0 are affected by a Medium severity vulnerability (CVSS 6.1) identified as CVE-2026-1796. The issue is a reflected cross-site scripting (XSS) weakness triggered through the URL path. Because...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors: Severity: High (CVSS 7.2) — CVE-2026-0753 affects the Super Simple Contact Form WordPress plugin (slug: super-simple-contact-form) in versions up to and including 1.6.2. The issue is a reflected cross-site scripting (XSS) weakness triggered through the...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors: Sphere Manager (slug: sphere-manager) versions 1.0.2 and earlier are affected by a Medium severity vulnerability (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) tracked as CVE-2026-1905. The primary attack path is an authenticated user who...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors: The CallbackKiller service widget plugin (slug: callbackkiller-service-widget) is reported as Medium severity (CVSS 5.3) and affects all versions up to and including 1.2. The issue involves a WordPress AJAX endpoint tied to the cbk_save_v1 action, which...