by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25408 is a Medium severity (CVSS 5.3) vulnerability affecting the Broken Link Notifier WordPress plugin (slug: broken-link-notifier) in versions <= 1.3.5. Because the issue can be triggered over the network and does not require a logged-in...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25407 affects the WordPress plugin Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode (slug: cookiebot) in versions up to and including 4.6.4. This is a Medium severity issue (CVSS 4.3). The primary risk...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25399 affects the Serious Slider WordPress plugin (slug: cryout-serious-slider) versions <= 1.2.7. This is a Medium-severity issue (CVSS 4.3, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) that can be exploited remotely over the...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25391 affects the WordPress plugin WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek (slug: ai-content-generation) in versions <= 1.3.07. The issue is rated Medium severity (CVSS 4.3, vector:...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25343 is a medium-severity Stored Cross-Site Scripting (XSS) vulnerability (CVSS 4.4) affecting the WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce WordPress plugin (slug: wp-sms) in versions <= 7.1. The...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-25004 is a Medium-severity Stored Cross-Site Scripting (XSS) vulnerability (CVSS 6.4) affecting the CM Business Directory – Optimise and showcase local business WordPress plugin (cm-business-directory) in versions up to and including 1.5.3. The...
Recent Comments