by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: WP Term Order (slug: wp-term-order) versions up to and including 2.1.0 are affected by a Medium severity Cross-Site Request Forgery (CSRF) vulnerability (CVE: CVE-2026-24542; CVSS 4.3). The most common CSRF scenario is social engineering: an attacker...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: CVE-2025-54004 affects the WordPress plugin WCFM – Frontend Manager for WooCommerce (including its “Bookings Subscription Listings Compatible” functionality, slug wc-frontend-manager) in versions up to 6.7.24. The severity is Medium (CVSS 4.3). The key...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: BuddyHolis ListSearch (slug: listsearch) versions 1.1 and earlier contain a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) that can be exploited by an authenticated WordPress user with Contributor-level access or higher. The...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: IDE Micro code-editor (slug: flask-micro) is affected by a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) in versions up to and including 1.0.0. The vulnerability is tied to the plugin’s codeflask shortcode, specifically the title...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: WDES Responsive Popup (slug: wdes-responsive-popup) has a Medium severity vulnerability (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) tracked as CVE-2026-1804. The issue affects all versions up to and including 1.3.6. The primary attack path...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors: CVE-2026-1748 affects the WordPress plugin Invoct – PDF Invoices & Billing for WooCommerce (slug: kirilkirkov-pdf-invoice-manager) in versions up to and including 1.6, with a Medium severity rating (CVSS 4.3). The issue enables an authenticated user...