by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-24392 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (slug: hurrytimer) in versions <= 2.14.2. The vulnerability can be...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-23805 is a Medium severity (CVSS 6.5) SQL Injection vulnerability affecting the Media Search Enhanced WordPress plugin (media-search-enhanced) in versions up to and including 0.9.1. The attack requires an authenticated WordPress account with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Wizard Cloak (WordPress plugin slug: wp-wizard-cloak) is affected by a Medium-severity vulnerability (CVE-2025-53237, CVSS 6.1) that can be triggered over the internet by an unauthenticated attacker. The issue is a reflected cross-site scripting (XSS)...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Easy Taxonomy Images (slug: easy-taxonomy-images) has a High-severity vulnerability (CVSS 7.2; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) that allows unauthenticated attackers to inject malicious code into your WordPress site. Because this...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Page Builder – AIO WP Builder: #1 Website Builder for WordPress (slug: all-in-one-wp-builder) is affected by CVE-2025-53217, rated Medium severity (CVSS 4.3). The issue can be exploited remotely over the network by an authenticated user who has at least...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-53228 is a Medium-severity (CVSS 6.1) Reflected Cross-Site Scripting (XSS) vulnerability affecting the bbpress Simple Advert Units WordPress plugin (bbpress-simple-advert-units) in versions <= 0.41. The primary risk scenario is link-based...
Recent Comments