by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2026-24532 is a Medium-severity missing authorization issue (CVSS 4.3) affecting the WordPress plugin SiteLock Security – WP Hardening, Login Security & Malware Scans (slug: sitelock) in versions up to and including 5.0.2. The primary attack...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors Event Tickets with Ticket Scanner (slug: event-tickets-with-ticket-scanner) has a Critical vulnerability (CVSS 9.8) that enables unauthenticated remote code execution in versions up to and including 2.8.5. In practical terms, this means an attacker can...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2025-13974 is a Medium-severity (CVSS 4.4) Stored Cross-Site Scripting (XSS) issue in the WordPress plugin Email Customizer for WooCommerce | Drag and Drop Email Templates Builder (slug: email-customizer-for-woocommerce) affecting versions 2.6.7 and...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors Microtango (WordPress plugin) versions up to and including 0.9.29 are affected by CVE-2026-1821, a Medium severity issue (CVSS 6.4) involving stored cross-site scripting (XSS) through shortcode attributes. The primary attack path requires a user who is...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2026-1675 affects the Advanced Country Blocker WordPress plugin (slug: advanced-country-blocker) in versions 2.3.1 and below, and is rated Medium severity (CVSS 5.3). The issue stems from an insecure default “secret bypass key” created during...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors The vulnerability in Invoct – PDF Invoices & Billing for WooCommerce (slug: kirilkirkov-pdf-invoice-manager) affects versions 1.6 and below and is rated Medium severity (CVSS 4.3). It can be exploited over the network by an attacker who already has...
Recent Comments