WP-Firewall Blog | Latest WordPress Security Tips & News

YourMembership SSO Unauthenticated Access Exposes Data//Published on 2025-10-15//CVE-2025-10648

Critical advisory on YM SSO Login CVE-2025-10648 unauthenticated data exposure and mitigations

Urgent CSRF vulnerability in TopBar <=1.0.0 CVE-2025-10300 with immediate mitigations and virtual patching

CVE-2025-11692 Zip Attachments vulnerability analysis with mitigation and WP-Firewall protection

Urgent step by step mitigation for OwnID Passwordless Login CVE-2025-10294 WordPress

Ova Advent CVE-2025-8561 stored XSS guide: detection, remediation, and WAF protection.

Authenticated SQL injection risk in onOffice for WP‑Websites <=5.7 with WAF mitigation guidance.

Zip Attachments vulnerability exposes private attachments; fixes, mitigations, and virtual patch guidance

CVE-2025-10312 CSRF in Theme Importer <=1.0 and actionable WordPress protection guidance.

Unauthenticated order status vulnerability in Oceanpayment Gateway version 6.0 or lower; CVE-2025-11728 mitigation guide

Explains CVE-2025-6042 unauthenticated privilege escalation in Lisfinity Core and how WP Firewall protects sites