WP Security

WP Security Vulnerability Report

571 posts
WWordPress Vulnerability Database

Security Alert LWSCache Authorization Bypass Risk(CVE20258147)

  • August 28, 2025
WordPress LWSCache plugin <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function vulnerability
WWordPress Vulnerability Database

Security Advisory List Subpages Plugin Stored XSS(CVE20258290)

  • August 28, 2025
WordPress List Subpages plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter vulnerability
WWordPress Vulnerability Database

Security Advisory OSM Map Widget Stored XSS(CVE20258619)

  • August 28, 2025
WordPress OSM Map Widget for Elementor plugin <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL vulnerability
WWordPress Vulnerability Database

Community Advisory Stored XSS in Events Addon(CVE20258150)

  • August 28, 2025
WordPress Events Addon for Elementor plugin <= 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter and Countdown Widgets vulnerability
WWordPress Vulnerability Database

Community Advisory RingCentral Two Factor Bypass(CVE20257955)

  • August 28, 2025
WordPress RingCentral Communications plugin 1.5-1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function
WWordPress Vulnerability Database

Hong Kong Cybersecurity Advisory Stored XSS Risk(CVE20258603)

  • August 28, 2025
WordPress Unlimited Elements For Elementor plugin <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WWordPress Vulnerability Database

Public Advisory CSRF Enables Command Injection(CVE20257812)

  • August 28, 2025
WordPress Video Share VOD – Turnkey Video Site Builder Script plugin <= 2.7.6 - Cross-Site Request Forgery to Command Injection vulnerability
WWordPress Vulnerability Database

Community Alert Simple Download Monitor SQL Injection(CVE20258977)

  • August 28, 2025
WordPress Simple Download Monitor plugin <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality vulnerability
WWordPress Vulnerability Database

Hong Kong Security Advisory WooCommerce Stored XSS(CVE20258073)

  • August 28, 2025
WordPress Dynamic AJAX Product Filters for WooCommerce plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter vulnerability
WWordPress Vulnerability Database

Xagio SEO Backup Files Expose Sensitive Data(CVE202413807)

  • August 28, 2025
WordPress Xagio SEO plugin <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files vulnerability
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.
en_USEnglish
zh_HKChinese (Hong Kong) zh_CNChinese (China) en_USEnglish

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0