by Ivan Sorkin | Feb 13, 2026 | Plugins
Attack Vectors Product: Starfish Review Generation & Marketing for WordPress (slug: starfish-reviews) Vulnerability: CVE-2025-15157 (Severity: High, CVSS 8.8; Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) This issue affects Starfish Review Generation &...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors Related Videos for JW Player (WordPress plugin slug: related-videos-for-jw-player) is affected by a Medium-severity vulnerability (CVE-2025-32516, CVSS 6.1) involving reflected cross-site scripting (XSS). In practical terms, an external attacker can...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2023-47517 is a Medium-severity reflected cross-site scripting (XSS) issue in the SendPress Newsletters WordPress plugin (slug: sendpress) affecting versions up to and including 1.23.11.6. An unauthenticated attacker can attempt to inject malicious...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2024-11756 is a Medium-severity stored cross-site scripting (XSS) vulnerability (CVSS 6.4) affecting the WordPress plugin SweepWidget – Contests, Giveaways, Sweepstakes & Photo Contests (slug: sweepwidget) in versions 2.0.6 and earlier. The...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2025-14447 affects the AnnunciFunebri Impresa WordPress plugin (slug: annuncifunebri-onoranza) in versions up to and including 4.7.0. The severity is Medium (CVSS 5.3). The primary attack vector involves an authenticated WordPress user with...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors This Medium-severity vulnerability (CVSS 6.4) affects the WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce (slug: wpos-lite-version) in versions up to and including 3.0. It is an authenticated issue, meaning an attacker must already have a...
Recent Comments