by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors FastDup – Fastest WordPress Migration & Duplicator (slug: fastdup) in versions 2.7.1 and earlier has a High-severity vulnerability (CVSS 8.8, CVE-2026-1104) that can be exploited by an attacker who already has an authenticated WordPress account with...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors Secure Copy Content Protection and Content Locking (slug: secure-copy-content-protection) is affected by a High severity issue (CVSS 7.2, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) tracked as CVE-2026-1320. The reported attack path involves an...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors CVE-2026-1316 is a High severity vulnerability (CVSS 7.2) affecting the Customer Reviews for WooCommerce WordPress plugin (slug: customer-reviews-woocommerce) in versions up to and including 5.97.0. The primary attack path is an unauthenticated Stored...
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors Activity Log for WordPress (slug: winterlock) versions 1.2.8 and earlier have a Medium-severity vulnerability (CVE-2026-1671, CVSS 6.5) that can be abused by an attacker who already has a basic, legitimate login (for example, a Subscriber account)....
by Ivan Sorkin | Feb 12, 2026 | Plugins
Attack Vectors The WordPress plugin Converter for Media – Optimize images | Convert WebP & AVIF (slug: webp-converter-for-media) is affected by a Medium-severity Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-1356) in versions up to and including...
by Ivan Sorkin | Feb 11, 2026 | Plugins
Attack Vectors CVE-2026-1537 affects the WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events (slug: latepoint-2) in versions 5.2.6 and below. This is a Medium-severity issue (CVSS 5.3) that allows an unauthenticated attacker—someone who is...
Recent Comments