Critical XSS in WP Emmet Plugin//Published on 2025-08-16//CVE-2025-49894

2025 08 16serverbuddy by pluginbuddy.comcve202549895

WordPress ServerBuddy CSRF to PHP Object Injection//Published on 2025-08-16//CVE-2025-49895

Critical ServerBuddy CSRF to PHP Object Injection vulnerability in WordPress with immediate remediation guide

2025 08 16drag and drop multiple file upload – contact form 7cve20258464

WordPress Directory Traversal via Guest User Cookie//Published on 2025-08-16//CVE-2025-8464

Security advisory: directory traversal in Contact Form 7 drag-and-drop uploads, fix 1.3.9.1

2025 08 16advanced iframecve20258089

Authenticated Stored XSS in WordPress iFrame Plugin//Published on 2025-08-16//CVE-2025-8089

Explains CVE-2025-8089 stored XSS in Advanced iFrame, impact, detection, mitigations, and WP-Firewall protection

2025 08 16soledadcve20258143

Soledad WordPress Authenticated Stored XSS Vulnerability//Published on 2025-08-16//CVE-2025-8143

Soledad CVE-2025-8143 stored XSS: update to 8.6.8 and strengthen with WAF

2025 08 16profilepresscve20258878

WordPress ProfilePress Shortcode Vulnerability Enables Unauthenticated Execution//Published on 2025-08-16//CVE-2025-8878

Urgent ProfilePress CVE-2025-8878 unauthenticated shortcode execution; update to 4.16.5.

2025 08 16soledadcve20258105

Critical Soledad WordPress Shortcode Execution Unauthenticated//Published on 2025-08-16//CVE-2025-8105

Soledad theme CVE-2025-8105 unauthenticated shortcode risk, detection, patching and WP-Firewall protection

2025 08 16profile buildercve20258896

Stored XSS in WordPress User Profile Builder//Published on 2025-08-16//CVE-2025-8896

Urgent: Patch Profile Builder CVE-2025-8896 stored XSS to 3.14.4; mitigations and WAF tips.

2025 08 16betterdocscve20257499

WordPress BetterDocs Authorization Gap Exposes Private Posts//Published on 2025-08-16//CVE-2025-7499

Critical BetterDocs private content exposure CVE-2025-7499: patch to 4.1.2 and mitigations.