by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-27009 is a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVSS 4.3) affecting the My auctions allegro WordPress plugin (slug: my-auctions-allegro-free-edition) in versions up to and including 3.6.33. The most likely attack...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-47604 is a Medium severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) vulnerability affecting the Inline Related Posts WordPress plugin (intelly-related-posts) in versions up to and including 3.8.0. The primary attack path is through a user...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The WordPress Events Calendar Plugin – connectDaily (slug: connect-daily-web-calendar) has a Medium-severity vulnerability (CVSS 6.1, CVE-2025-32597) affecting all versions up to and including 1.5.4. This issue can be exploited when an attacker...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-31008 is a Medium-severity stored cross-site scripting (XSS) issue (CVSS 4.4) affecting the Embeds for YouTube plugin (slug: youtube-embed) in versions up to and including 5.3.1. An attacker must already be authenticated with...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Product: teachPress (WordPress plugin, slug: teachpress) Vulnerability: Authenticated SQL Injection affecting teachPress versions up to and including 9.0.11. This is rated Medium severity (CVSS 3.1 score 6.5, vector:...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2025-26581 is a medium-severity Stored Cross-Site Scripting (XSS) issue affecting the WordPress plugin Picture Gallery – Frontend Image Uploads, AJAX Photo List (slug: picture-gallery) in versions up to and including 1.6.3. Because the vulnerability...