by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Bravis User (slug: bravis-user) has a High-severity vulnerability (CVSS 8.1) that can be exploited remotely over the internet (AV:N). In practical terms, this means an attacker does not need a login (PR:N) or user interaction (UI:N) to attempt...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-2383 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the Simple Download Monitor WordPress plugin (simple-download-monitor) in versions 4.0.5 and earlier. The vulnerability can be exploited by an authenticated...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27542 is a Critical vulnerability (CVSS 9.8, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Wholesale Lead Capture Plugin for WooCommerce (slug: woocommerce-wholesale-lead-capture) in all versions up to and including...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors WPZOOM Addons for Elementor – Starter Templates & Widgets (slug: wpzoom-elementor-addons) has a Medium severity vulnerability (CVSS 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) affecting versions up to and including 1.3.4. The issue is...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-14149 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the WordPress plugin Xpro Addons — 140+ Widgets for Elementor (slug: xpro-elementor-addons) in versions up to and including 1.4.24. The primary attack path...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-27540 affects the Wholesale Lead Capture Plugin for WooCommerce (slug: woocommerce-wholesale-lead-capture) in all versions up to and including 2.0.3.1. With a Critical severity rating (CVSS 9.8, vector...
Recent Comments