by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors LearnPress – Backup & Migration Tool (plugin slug: learnpress-import-export) is affected by a Medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2025-49992, CVSS 6.1). In practical terms, an attacker can craft a malicious link...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-60224 is a High-severity vulnerability (CVSS 8.1, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Subscribe to Download WordPress plugin (slug: subscribe-to-download) in versions up to and including 2.0.9. The issue can be...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-47559 is a High severity vulnerability (CVSS 8.8) affecting the MapSVG WordPress plugin (mapsvg) in versions prior to 8.7.4. The issue can be exploited by an authenticated user with Contributor-level access (or higher). In practical business...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-32297 affects the Simple Link Directory / Simple Link Directory Pro WordPress plugin (slug: qc-simple-link-directory) in versions prior to 14.8.1. The issue is rated Medium severity with a CVSS 6.5 score...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-50012 is a Medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 4.4) affecting Inventory Presser – Car Dealer Listings (slug: inventory-presser) versions up to and including 15.2.6. The attack requires an authenticated user with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-47561 affects the MapSVG WordPress plugin (slug: mapsvg) in versions before 8.6.13. The vulnerability is rated High severity (CVSS 8.8), and it can be exploited remotely over the network. The key requirement is that an attacker must already...
Recent Comments