WP Security
WWordPress Vulnerability Database

Security Advisory Smart Table Builder Stored XSS(CVE20259126)

  • September 6, 2025
WordPress Smart Table Builder plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Read More
WWordPress Vulnerability Database

AdForest Theme Admin Access Bypass Advisory(CVE20258359)

  • September 6, 2025
WordPress AdForest theme <= 6.0.9 - Authentication Bypass to Admin vulnerability
Read More
WWordPress Vulnerability Database

Community Security Advisory Easy Social Feed XSS(CVE20256067)

  • September 6, 2025
WordPress Easy Social Feed plugin <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Read More
WWordPress Vulnerability Database

HK Security Alert Element Kit XSS(CVE20258360)

  • September 6, 2025
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Read More
WWordPress Vulnerability Database

Security Advisory Simple Gallery Plugin SQL Injection(CVE202558881)

  • September 5, 2025
WordPress New Simple Gallery Plugin <= 8.0 - SQL Injection Vulnerability
Read More
WWordPress Vulnerability Database

Community Alert eDS Responsive Menu Plugin Vulnerability(CVE202558839)

  • September 5, 2025
WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability
Read More
WWordPress Vulnerability Database

Media Author Plugin Broken Access Control Advisory(CVE202558841)

  • September 5, 2025
WordPress Media Author Plugin <= 1.0.4 - Broken Access Control Vulnerability
Read More
WWordPress Vulnerability Database

Atec Debug Plugin Administrator File Deletion Risk(CVE20259518)

  • September 3, 2025
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Advisory Make Connector Vulnerability(CVE20256085)

  • September 3, 2025
WordPress Make Connector plugin <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Alert Skyword Stored XSS(CVE202411907)

  • August 30, 2025
WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Read More
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.

We don’t spam! Read our privacy policy for more info.

Check your inbox or spam folder to confirm your subscription.

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0