by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The WordPress plugin MMA Call Tracking (slug: mma-call-tracking) is affected by a Medium severity vulnerability (CVSS 4.3) that allows Cross-Site Request Forgery (CSRF) against plugin settings in versions up to and including 2.3.15. In practical...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors WPlyr Media Block (slug: wplyr-media-block) has a Medium-severity vulnerability (CVE-2026-0724, CVSS 4.4) affecting versions up to and including 1.3.0. This issue is a stored cross-site scripting (XSS) flaw that can be triggered through the...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Slideshow Wp (slug: slideshow-wp) versions 1.1 and earlier are affected by a Medium-severity issue (CVSS 6.4) tracked as CVE-2026-1885. The risk comes from a stored cross-site scripting (XSS) vulnerability tied to the sswp-slide shortcode, specifically...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The vulnerability affects the WordPress plugin Sudoku Shortcode (slug: sudoku-shortcode) in versions up to and including 1.0.0, and is rated Medium severity (CVSS 6.4). It involves a stored cross-site scripting (XSS) issue through the background...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The WordPress plugin iONE360 configurator (slug: ione360-configurator) has a High severity vulnerability (CVSS 7.2, CVE-2025-15440) that can be exploited by unauthenticated attackers over the network. This means an attacker does not need a user account...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors This medium-severity vulnerability (CVSS 6.4) affects the WordPress plugin OpenPOS Lite – Point of Sale for WooCommerce (slug: wpos-lite-version) in versions up to and including 3.0. The issue is an authenticated stored cross-site scripting (XSS)...
Recent Comments