by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Migration, Backup, Staging – WPvivid Backup & Migration (slug: wpvivid-backuprestore) has a Critical vulnerability (CVSS 9.8) tracked as CVE-2026-1357. The issue affects plugin versions up to and including 0.9.123. The primary attack vector is...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Orbisius Random Name Generator (slug: orbisius-random-name-generator) versions 1.0.2 and below contain a Medium-severity vulnerability (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) that enables stored cross-site scripting (XSS) when the...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Medium severity (CVSS 6.4) vulnerability CVE-2026-1231 affects the WordPress plugin Beaver Builder Page Builder – Drag and Drop Website Builder (slug: beaver-builder-lite-version) in versions up to and including 2.10.0.5. The issue can be exploited by...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors The WordPress plugin SlimStat Analytics (slug: wp-slimstat) has a Medium-severity vulnerability (CVSS 6.5) identified as CVE-2025-13431. It affects versions 5.3.1 and earlier and can be exploited remotely over the network. This issue requires an...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors In Gallery by FooGallery (slug: foogallery) versions 3.1.9 and earlier, a Medium-severity issue (CVE-2025-15524, CVSS 4.3) allows an authenticated WordPress user with Subscriber-level access or higher to request gallery information they should not be...
by Ivan Sorkin | Feb 10, 2026 | Plugins
Attack Vectors Lucky Wheel Giveaway (slug: wp-lucky-wheel) is affected by a High-severity vulnerability (CVSS 7.2, CVE-2025-14541) that can be exploited over the network in WordPress environments where the plugin is installed. The attack requires an authenticated user...
Recent Comments