by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors The o2s gallery WordPress plugin (o2s-gallery) is affected by a Medium-severity reflected Cross-Site Scripting (XSS) vulnerability in versions 1.0 and earlier (CVSS 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). This issue can be triggered...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Exploit Scanner (WordPress plugin slug: exploit-scanner) has a High severity vulnerability (CVSS 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) affecting versions up to and including 1.3.3. The issue can be triggered remotely over the network...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors Toret Manager (slug: toret-manager) versions 1.2.7 and below contain a High-severity vulnerability (CVE-2026-0912, CVSS 8.8) that can be exploited by any authenticated WordPress user with Subscriber access or higher. The practical risk is greatest for...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2026-1565 is a High-severity vulnerability (CVSS 8.8, CVE record) affecting the WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (slug: wp-user-frontend) in versions up to and...
by Ivan Sorkin | Feb 26, 2026 | Plugins
Attack Vectors CVE-2024-37275 is a Medium-severity reflected cross-site scripting (XSS) vulnerability affecting NextScripts: Social Networks Auto-Poster (WordPress plugin slug: social-networks-auto-poster-facebook-twitter-g) in versions up to and including 4.4.6. The...
by Ivan Sorkin | Feb 25, 2026 | Plugins
Attack Vectors CVE-2023-47654 is a Medium-severity (CVSS 6.4) Stored Cross-Site Scripting (XSS) vulnerability affecting the BZScore – Live Score WordPress plugin (slug: bzscore-live-score) in versions 1.03 and earlier. The key attack path is through the plugin’s...
Recent Comments