by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors The LatePoint – Calendar Booking Plugin for Appointments and Events (slug: latepoint-2) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-14873, CVSS 4.3). In practical terms, an attacker can attempt to make...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0559 (Medium severity, CVSS 6.4) affects the MasterStudy LMS WordPress Plugin – for Online Courses and Education (slug: masterstudy-lms-learning-management-system) in versions up to and including 3.7.11. The issue is an authenticated Stored...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Flexi Product Slider and Grid for WooCommerce (slug: flexi-product-slider-grid) has a High-severity vulnerability (CVSS 7.5, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting versions up to and including 1.0.5. It is tracked as CVE-2026-1988. The...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Accordion and Accordion Slider (slug: accordion-and-accordion-slider) is affected by a medium-severity authorization issue (CVE-2026-0727, CVSS 5.4). The risk comes from what an authenticated user can do after they already have a valid account. An...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors CVE-2026-0557 affects the WordPress plugin WP Data Access – No-Code App Builder with Tables, Forms, Charts & Maps (slug: wp-data-access) in versions up to and including 5.5.63. It is a Medium severity issue (CVSS 6.4) involving Stored Cross-Site...
by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Allow HTML in Category Descriptions (slug: allow-html-in-category-descriptions) has a Medium severity vulnerability (CVSS 4.4; CVE: CVE-2026-0693) that can be triggered by an authenticated user with Administrator (or higher) access. The attack involves...
Recent Comments