"mollie payments for woocommerce 8. 1. 2 mitigation steps : update to mollie payments for woocommerce version 8. 1. 2 or greater. websub ( fka. pubsubhubbub ) – cross site scripting ( xss ) security risk : medium exploitation level : requires administrator or higher level authenti…"
T1190 Exploit Public-Facing Application
98%
"##2 patched versions : royal addons for elementor 1. 7. 1002 mitigation steps : update to royal addons for elementor version 1. 7. 1002 or greater. easy table of contents – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher lev…"
T1190 Exploit Public-Facing Application
96%
", page - level targeting, and woocommerce triggers – sql injection security risk : high exploitation level : no authentication required. vulnerability : sql injection cve : cve - 2025 - 13192 number of installations : 50, 000 + affected software : popup builder with gamification,…"
T1190 Exploit Public-Facing Application
96%
"2. 4. 15 mitigation steps : update to gallery by foogallery version 2. 4. 15 or greater. givewp – php object injection security risk : critical exploitation level : no authentication required. vulnerability : php object injection cve : cve - 2024 - 5932 number of installations : …"
T1190 Exploit Public-Facing Application
96%
"9. 6 or greater. customer reviews for woocommerce – cross site scripting ( xss ) security risk : high exploitation level : no authentication required. vulnerability : cross site scripting ( xss ) cve : cve - 2026 - 1316 number of installations : 80, 000 + affected software : cust…"
T1190 Exploit Public-Facing Application
93%
"risk : medium exploitation level : requires subscriber or higher level authentication. vulnerability : insecure direct object references ( idor ) cve : cve - 2026 - 2230 number of installations : 50, 000 + affected software : booking calendar < 10. 14. 15 patched versions : booki…"
T1190 Exploit Public-Facing Application
90%
"50, 000 + affected software : getwid < 2. 0. 11 patched versions : getwid 2. 0. 11 mitigation steps : update to getwid version 2. 0. 11 or greater. popup builder with gamification, multi - step popups, page - level targeting, and woocommerce triggers – broken access control secur…"
T1190 Exploit Public-Facing Application
88%
"##e - 2024 - 6575 number of installations : 100, 000 + affected software : the plus addons for elementor < 5. 6. 3 patched versions : the plus addons for elementor 5. 6. 3 mitigation steps : update to the plus addons for elementor version 5. 6. 3 or greater. the plus addons for e…"
T1190 Exploit Public-Facing Application
87%
"< 5. 4. 2 patched versions : the plus addons for elementor 5. 4. 2 mitigation steps : update to the plus addons for elementor version 5. 4. 2 or greater. the plus addons for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor …"
T1190 Exploit Public-Facing Application
87%
"version 5. 7. 0 or greater. post smtp – sql injection security risk : high exploitation level : requires administrator or higher level authentication. vulnerability : sql injection cve : cve - 2023 - 6620 number of installations : 300, 000 + affected software : post smtp < 2. 8. …"
T1190 Exploit Public-Facing Application
86%
"1. 3. 972 mitigation steps : update to royal addons for elementor version 1. 3. 972 or greater. royal addons for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross site sc…"
T1190 Exploit Public-Facing Application
84%
"3. 6. 2 or greater. kadence blocks – server side request forgery ( ssrf ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : server side request forgery ( ssrf ) cve : cve - 2026 - 1857 number of installations : 600, 0…"
T1190 Exploit Public-Facing Application
84%
"##6 - 25386 number of installations : 400, 000 + affected software : ally < 4. 0. 3 patched versions : ally 4. 0. 3 mitigation steps : update to ally version 4. 0. 3 or greater. siteorigin widgets bundle – content injection security risk : medium exploitation level : requires sub…"
T1190 Exploit Public-Facing Application
84%
"gallery < 2. 13. 7 patched versions : modula image gallery 2. 13. 7 mitigation steps : update to modula image gallery version 2. 13. 7 or greater. modula image gallery – cross site scripting ( xss ) security risk : medium exploitation level : requires author or higher level authe…"
T1190 Exploit Public-Facing Application
83%
"##ss ) cve : cve - 2026 - 0617 number of installations : 100, 000 + affected software : latepoint < 5. 2. 6 patched versions : latepoint 5. 2. 6 mitigation steps : update to latepoint version 5. 2. 6 or greater. menu icons by themeisle – cross site scripting ( xss ) security risk…"
T1190 Exploit Public-Facing Application
83%
"authentication. vulnerability : cross site scripting ( xss ) cve : cve - 2024 - 1293 number of installations : 70, 000 + affected software : brizy < 2. 4. 41 patched versions : brizy 2. 4. 41 mitigation steps : update to brizy version 2. 4. 41 or greater. brizy – cross site scrip…"
T1190 Exploit Public-Facing Application
82%
") 1. 13. 6 mitigation steps : update to addon elements for elementor ( formerly elementor addon elements ) version 1. 13. 6 or greater. addon elements for elementor ( formerly elementor addon elements ) – cross site scripting ( xss ) security risk : medium exploitation level : re…"
T1190 Exploit Public-Facing Application
81%
"2. 7. 4. 3 patched versions : beaver builder page builder 2. 7. 4. 3 mitigation steps : update to beaver builder page builder version 2. 7. 4. 3 or greater. gallery by foogallery – broken access control security risk : medium exploitation level : requires subscriber or higher lev…"
T1190 Exploit Public-Facing Application
80%
"- 2024 - 6848 number of installations : 60, 000 + affected software : post and page builder by boldgrid < 1. 26. 7 patched versions : post and page builder by boldgrid 1. 26. 7 mitigation steps : update to post and page builder by boldgrid version 1. 26. 7 or greater. greenshift …"
T1190 Exploit Public-Facing Application
80%
"higher level authentication. vulnerability : cross site scripting ( xss ) cve : cve - 2024 - 1134 number of installations : 300, 000 + affected software : seopress – on - site seo & analytics < 7. 6 patched versions : seopress – on - site seo & analytics 7. 6 mitigation steps : u…"
T1190 Exploit Public-Facing Application
80%
"woocommerce version 7. 8. 6 or greater. checkout field manager ( checkout manager ) for woocommerce – arbitrary file upload security risk : medium exploitation level : no authentication required. vulnerability : arbitrary file upload cve : cve - 2025 - 12500 number of installatio…"
T1190 Exploit Public-Facing Application
80%
". 0 mitigation steps : update to backup migration version 1. 4. 0 or greater. download manager – cross site scripting ( xss ) security risk : high exploitation level : no authentication required. vulnerability : cross site scripting ( xss ) cve : cve - 2026 - 1666 number of insta…"
T1190 Exploit Public-Facing Application
74%
"mesmerize companion 1. 6. 162 mitigation steps : update to mesmerize companion version 1. 6. 162 or greater. acf photo gallery field – broken access control security risk : medium exploitation level : requires subscriber or higher level authentication. vulnerability : broken acce…"
T1190 Exploit Public-Facing Application
73%
"greater. brizy – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross site scripting ( xss ) cve : cve - 2024 - 1164 number of installations : 70, 000 + affected software : brizy < 2. 4…"
T1190 Exploit Public-Facing Application
71%
"##ing ( xss ) cve : cve - 2024 - 2084 number of installations : 80, 000 + affected software : ht mega < 2. 4. 7 patched versions : ht mega 2. 4. 7 mitigation steps : update to ht mega version 2. 4. 7 or greater. ht mega – cross site scripting ( xss ) security risk : medium exploi…"
T1190 Exploit Public-Facing Application
71%
"and customers 1. 26. 7 mitigation steps : update to import and export users and customers version 1. 26. 7 or greater. statcounter – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross…"
T1190 Exploit Public-Facing Application
70%
"level : requires contributor or higher level authentication. vulnerability : cross site scripting ( xss ) cve : cve - 2025 - 14274 number of installations : 300, 000 + affected software : unlimited elements for elementor < 2. 0. 2 patched versions : unlimited elements for element…"
T1190 Exploit Public-Facing Application
69%
"or higher level authentication. vulnerability : broken access control cve : cve - 2023 - 6733 number of installations : 50, 000 + affected software : wp - members membership plugin < 3. 4. 9 patched versions : wp - members membership plugin 3. 4. 9 mitigation steps : update to wp…"
T1190 Exploit Public-Facing Application
69%
"3. 88 mitigation steps : update to royal addons for elementor version 1. 3. 88 or greater. royal addons for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross site scripti…"
T1190 Exploit Public-Facing Application
68%
"versions : premium addons for elementor 4. 10. 32 mitigation steps : update to premium addons for elementor version 4. 10. 32 or greater. fluent forms – cross site scripting ( xss ) security risk : medium exploitation level : requires subscriber or higher level authentication. vu…"
T1190 Exploit Public-Facing Application
67%
") < 1. 13 patched versions : addon elements for elementor ( formerly elementor addon elements ) 1. 13 mitigation steps : update to addon elements for elementor ( formerly elementor addon elements ) version 1. 13 or greater. addon elements for elementor ( formerly elementor addon …"
T1190 Exploit Public-Facing Application
67%
"cross site scripting ( xss ) cve : cve - 2026 - 2002 number of installations : 600, 000 + affected software : forminator forms < 1. 50. 3 patched versions : forminator forms 1. 50. 3 mitigation steps : update to forminator forms version 1. 50. 3 or greater. ninja forms – sensitiv…"
T1190 Exploit Public-Facing Application
65%
"000 + affected software : exclusive addons for elementor < 2. 6. 9. 3 patched versions : exclusive addons for elementor 2. 6. 9. 3 mitigation steps : update to exclusive addons for elementor version 2. 6. 9. 3 or greater. exclusive addons for elementor – cross site scripting ( xs…"
T1190 Exploit Public-Facing Application
65%
"000 + affected software : the plus addons for elementor < 5. 5. 0 patched versions : the plus addons for elementor 5. 5. 0 mitigation steps : update to the plus addons for elementor version 5. 5. 0 or greater. the plus addons for elementor – cross site scripting ( xss ) security …"
T1190 Exploit Public-Facing Application
62%
"##5 - 13393 number of installations : 70, 000 + affected software : featured image from url ( fifu ) < 5. 3. 2 patched versions : featured image from url ( fifu ) 5. 3. 2 mitigation steps : update to featured image from url ( fifu ) version 5. 3. 2 or greater. wp ulike – insecure…"
T1190 Exploit Public-Facing Application
60%
"12975 number of installations : 70, 000 + affected software : product feed manager for woocommerce < 6. 6. 12 patched versions : product feed manager for woocommerce 6. 6. 12 mitigation steps : update to product feed manager for woocommerce version 6. 6. 12 or greater. email subs…"
T1190 Exploit Public-Facing Application
58%
"##4 number of installations : 100, 000 + affected software : the plus addons for elementor < 5. 5. 3 patched versions : the plus addons for elementor 5. 5. 3 mitigation steps : update to the plus addons for elementor version 5. 5. 3 or greater. the plus addons for elementor – cro…"
T1190 Exploit Public-Facing Application
58%
"control security risk : high exploitation level : no authentication required. vulnerability : broken access control cve : cve - 2026 - 2592 number of installations : 60, 000 + affected software : zarinpal gateway < 5. 0. 17 patched versions : zarinpal gateway 5. 0. 17 mitigation …"
T1190 Exploit Public-Facing Application
57%
"woocommerce – broken access control security risk : medium exploitation level : no authentication required. vulnerability : broken access control cve : cve - 2025 - 14294 number of installations : 90, 000 + affected software : razorpay for woocommerce < 4. 7. 9 patched versions :…"
T1190 Exploit Public-Facing Application
53%
"##e - 2024 - 0835 number of installations : 986, 469 affected software : royal elementor kit < 1. 0. 117 patched versions : royal elementor kit 1. 0. 117 mitigation steps : update to royal elementor kit theme version 1. 0. 117 or greater. spa and salon – broken access control sec…"
T1190 Exploit Public-Facing Application
52%
"software : ht mega < 2. 5. 1 patched versions : ht mega 2. 5. 1 mitigation steps : update to ht mega version 2. 5. 1 or greater. ht mega – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability :…"
T1588.006 Vulnerabilities
49%
"and customers 1. 26. 7 mitigation steps : update to import and export users and customers version 1. 26. 7 or greater. statcounter – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross…"
T1190 Exploit Public-Facing Application
48%
"2. 6. 4 mitigation steps : update to jeg kit for elementor version 2. 6. 4 or greater. formidable forms – content injection security risk : medium exploitation level : no authentication required. vulnerability : content injection cve : cve - 2023 - 6830 number of installations : …"
T1588.006 Vulnerabilities
48%
"higher level authentication. vulnerability : cross site scripting ( xss ) cve : cve - 2024 - 1134 number of installations : 300, 000 + affected software : seopress – on - site seo & analytics < 7. 6 patched versions : seopress – on - site seo & analytics 7. 6 mitigation steps : u…"
T1190 Exploit Public-Facing Application
46%
"elementor 2. 6. 5 mitigation steps : update to jeg kit for elementor version 2. 6. 5 or greater. jeg kit for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross site script…"
T1190 Exploit Public-Facing Application
46%
"vulnerability & patch roundup — february 2026 vulnerability reports and responsible disclosures are essential for website security awareness and education. automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. to help edu…"
T1190 Exploit Public-Facing Application
46%
"##ons for elementor 3. 10. 5 mitigation steps : update to happy addons for elementor version 3. 10. 5 or greater. happy addons for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerabili…"
T1190 Exploit Public-Facing Application
45%
"1. 3 mitigation steps : update to themesflat addons for elementor version 2. 1. 3 or greater. themesflat addons for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross site…"
T1190 Exploit Public-Facing Application
44%
"20 or greater. fluent forms – cross site scripting ( xss ) security risk : medium exploitation level : requires administrator or higher level authentication. vulnerability : cross site scripting ( xss ) cve : cve - 2024 - 6521 number of installations : 600, 000 + affected softwar…"
T1190 Exploit Public-Facing Application
44%
"site scripting ( xss ) cve : cve - 2025 - 14983 number of installations : 100, 000 + affected software : advanced custom fields : font awesome field < 5. 0. 2 patched versions : advanced custom fields : font awesome field 5. 0. 2 mitigation steps : update to advanced custom field…"
T1190 Exploit Public-Facing Application
40%
"##ing ( xss ) cve : cve - 2026 - 22352 number of installations : 50, 000 + affected software : persian woocommerce sms ( all versions ) patched versions : no fix available mitigation steps : no patch is currently available. consider disabling or replacing the persian woocommerce …"
T1190 Exploit Public-Facing Application
37%
"##ons for elementor version 2. 1. 3 or greater. themesflat addons for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vulnerability : cross site scripting ( xss ) cve : cve - 2024 - 4458 num…"
T1190 Exploit Public-Facing Application
36%
"royal addons for elementor 1. 3. 976 mitigation steps : update to royal addons for elementor version 1. 3. 976 or greater. royal addons for elementor – cross site scripting ( xss ) security risk : medium exploitation level : requires contributor or higher level authentication. vu…"
T1588.006 Vulnerabilities
33%
"##e - 2024 - 0835 number of installations : 986, 469 affected software : royal elementor kit < 1. 0. 117 patched versions : royal elementor kit 1. 0. 117 mitigation steps : update to royal elementor kit theme version 1. 0. 117 or greater. spa and salon – broken access control sec…"
T1190 Exploit Public-Facing Application
32%
"+ affected software : migration, backup, staging < 0. 9. 124 patched versions : migration, backup, staging 0. 9. 124 mitigation steps : update to migration, backup, staging version 0. 9. 124 or greater. breadcrumb navxt – broken access control security risk : medium exploitation …"
T1190 Exploit Public-Facing Application
31%
"xss ) cve : cve - 2025 - 11737 number of installations : 100, 000 + affected software : vk all in one expansion unit < 9. 112. 4 patched versions : vk all in one expansion unit 9. 112. 4 mitigation steps : update to vk all in one expansion unit version 9. 112. 4 or greater. wp al…"
Summary
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
To help educate website owners about potential threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.
The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.