WP Security
WWordPress Vulnerability Database

Alert Goza Theme Unauthorised File Deletion Risk(CVE202510134)

  • September 8, 2025
WordPress Goza theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Advisory Doccure Password Flaw(CVE20259114)

  • September 8, 2025
WordPress Doccure plugin <= 1.4.8 - Unauthenticated Arbitrary User Password Change vulnerability
Read More
WWordPress Vulnerability Database

Security Alert Rehub theme exposes protected posts(CVE20257368)

  • September 6, 2025
WordPress Rehub theme <= 19.9.7 - Unauthenticated Password Protected Post Disclosure vulnerability
Read More
WWordPress Vulnerability Database

Contributor Stored Cross Site Scripting Vulnerability(CVE20259849)

  • September 6, 2025
WordPress Html Social share buttons plugin <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Read More
WWordPress Vulnerability Database

Hong Kong Security Advisory UsersWP SQL Injection(CVE202510003)

  • September 6, 2025
WordPress UsersWP plugin <= 1.2.44 - Authenticated (Subscriber+) SQL Injection vulnerability
Read More
WWordPress Vulnerability Database

Community Alert Rehub Theme Shortcode Vulnerability(CVE20257366)

  • September 6, 2025
WordPress Rehub theme <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost vulnerability
Read More
WWordPress Vulnerability Database

Security Advisory Smart Table Builder Stored XSS(CVE20259126)

  • September 6, 2025
WordPress Smart Table Builder plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Read More
WWordPress Vulnerability Database

AdForest Theme Admin Access Bypass Advisory(CVE20258359)

  • September 6, 2025
WordPress AdForest theme <= 6.0.9 - Authentication Bypass to Admin vulnerability
Read More
WWordPress Vulnerability Database

Community Security Advisory Easy Social Feed XSS(CVE20256067)

  • September 6, 2025
WordPress Easy Social Feed plugin <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Read More
WWordPress Vulnerability Database

HK Security Alert Element Kit XSS(CVE20258360)

  • September 6, 2025
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Read More
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.

hi there 👋 Sign up to receive awesome WP-Security Alert and update in your inbox, every week.

We don’t spam! Read our privacy policy for more info.

Check your inbox or spam folder to confirm your subscription.

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0