by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-1809 affects the WordPress plugin HTML Shortcodes (slug: html-shortcodes) in versions up to and including 1.1. This is a Medium severity issue (CVSS 6.4) that allows an authenticated user with Contributor-level access or higher to place...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The WaMate Confirm – Order Confirmation WordPress plugin (slug: wamate-confirm) is affected by a Medium severity authorization issue (CVE-2026-1833, CVSS 5.3). The core risk is that an authenticated user who should not have operational control...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Category Image (slug: category-image) has a Medium severity vulnerability (CVE-2026-0815) that allows authenticated users with Editor-level access or higher to inject malicious scripts into your WordPress site using the ‘tag-image’...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Microtango (slug: microtango) versions 0.9.29 and below are affected by a Medium-severity vulnerability (CVSS 6.4) identified as CVE-2026-1821. The issue is an authenticated Stored Cross-Site Scripting (XSS) weakness that can be triggered through...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Twitter posts to Blog (slug: twitter-posts-to-blog) versions up to and including 1.11.25 are affected by a Medium-severity authorization issue (CVSS 6.5, CVE-2026-1786). The issue allows unauthenticated attackers—meaning they do not need a valid...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors CVE-2026-25024 is a Medium severity Cross-Site Request Forgery (CSRF) issue affecting the WordPress plugin ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (slug: thirstyaffiliates) in versions up to and including...