WP-Firewall Blog | Latest WordPress Security Tips & News

WordPress Add User Meta CSRF Stored XSS//Published on 2025-08-15//CVE-2025-7688

Urgent WordPress CVE-2025-7688: CSRF stored XSS in Add User Meta plugin; mitigation guidance.

Technical breakdown, risk assessment, and mitigation steps for CVE-2025-7668 Linux Promotional Plugin.

Stored XSS in Anber Elementor Addon up to v1.0.1; practical mitigation and cleanup guide.

CVE-2025-7641 Unauthenticated path traversal in Assistant for NextGEN Gallery (<=1.0.9) with mitigations

Stored XSS in Embed Bokun <= 0.23 exploited by authenticated contributors; practical mitigation guidance.

Critical WordPress Last.fm plugin CSRF stored XSS CVE-2025-7684 risk and remediation guide by WP-Firewall

Mitigation guide for CVE-2025-8720 stored XSS in WordPress README Parser <=1.3.15

WordPress Icons Factory CVE-2025-7778 unauthenticated file deletion vulnerability and remediation guidance

Urgent: CVE-2025-7664 unauthenticated AL Pack activation; patch guidance and WP-Firewall protection

Defend WordPress from CVE-2025-7686 CSRF to stored XSS in weichuncai plugin.