by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-30636 affects the Accessibility Suite by Ability, Inc WordPress plugin (slug: online-accessibility) in versions 4.19 and below. The issue is rated Medium severity (CVSS 4.3) and can be exploited remotely over the network by an attacker who...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors DZS Video Gallery (WordPress plugin slug: dzs-videogallery) is affected by a Medium-severity vulnerability (CVE-2025-32300, CVSS 6.1) involving Reflected Cross-Site Scripting (XSS) in versions up to and including 12.39. This issue can be exploited by an...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-63012 is a medium-severity Cross-Site Request Forgery (CSRF) issue in the WP Hotel Booking plugin (slug: wp-hotel-booking) affecting versions up to and including 2.2.8. CSRF attacks don’t require the attacker to log in; instead, they rely on...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-31914 is a High severity vulnerability (CVSS 7.5) affecting Pixel WordPress Form BuilderPlugin & Autoresponder (slug: pixel-formbuilder) in versions up to and including 1.0.2. The issue is an unauthenticated SQL Injection, meaning an...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-47553 is a High-severity vulnerability (CVSS 8.8, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting the DZS Video Gallery WordPress plugin (slug: dzs-videogallery) in versions 12.39 and below. The attack requires an authenticated...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-31641 is a Medium-severity SQL Injection vulnerability (CVSS 6.5, CVE record) affecting the UberSlider WordPress plugin (slug: uber-classic) in versions before 2.6. This issue can be exploited by an authenticated WordPress user with...
Recent Comments