by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors WP Recipe Maker (slug: wp-recipe-maker) versions up to and including 10.3.2 contain a Medium-severity vulnerability (CVE-2026-1558, CVSS 5.3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) that can be exploited remotely over the internet. The issue is...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The xPromoter WordPress plugin (slug: top_bar_promoter) has an authenticated SQL Injection vulnerability affecting versions up to and including 1.3.4 (CVE: CVE-2025-68053). The severity is rated Medium with a CVSS 3.1 score of 6.5...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The vulnerability CVE-2025-63058 affects the WordPress plugin Custom Field Template (slug: custom-field-template) in versions 2.7.6 and earlier. It is rated Medium severity (CVSS 4.3) and is exploitable over the network, meaning an attacker can attempt...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The WordPress plugin Xpro Addons — 140+ Widgets for Elementor (slug: xpro-elementor-addons) is affected by a Medium-severity vulnerability (CVE-2025-63044, CVSS 6.4) that enables stored cross-site scripting (XSS) by an authenticated user with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-62959 is a High-severity vulnerability (CVSS 7.2) affecting the WordPress plugin Paid Videochat Turnkey Site – HTML5 PPV Live Webcams (slug: ppv-live-webcams) in versions up to and including 7.3.23. It allows authenticated attackers with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-63066 is a Medium-severity Stored Cross-Site Scripting (XSS) issue affecting the Porto Theme – Functionality WordPress plugin (slug: porto-functionality) in versions prior to 3.7.3. The attack requires an authenticated WordPress account...
Recent Comments