Blog

Info Cards plugin CVE-2026-4120 authenticated stored XSS—what WordPress site owners must do.

Urgent guide: patch NextGEN Gallery LFI vulnerability by upgrading to 4.0.5 or implement mitigations.

Info Cards plugin CVE-2026-4120 authenticated stored XSS—what WordPress site owners must do.

Urgent guide: patch NextGEN Gallery LFI vulnerability by upgrading to 4.0.5 or implement mitigations.

High risk broken access control in PublishPress Authors <=4.10.1; patch 4.11.0 and WP-Firewall protection

High risk broken access control in PublishPress Authors <=4.10.1; patch 4.11.0 and WP-Firewall protection

CVE-2026-25306 explained: reflected XSS in XStore Core and WP-Firewall defense

High risk broken access control in PublishPress Authors <=4.10.1; patch 4.11.0 and WP-Firewall protection

Urgent guidance for CVE-2026-25456 broken access control in a WordPress FedEx plugin

Urgent WordPress guide to avalex CVE-2026-25462: patch, mitigations, and WAF protection.