WP-Firewall Blog | Latest WordPress Security Tips & News

Critical CSRF Vulnerability in Theme Importer Plugin//Published on 2025-10-15//CVE-2025-10312

Theme Importer CSRF vulnerability CVE-2025-10312 mitigation, detection, and WAF-based protection.

Urgent security advisory on OwnID Passwordless Login bypass CVE-2025-10294 with mitigations

Authenticated Contributor SQL injection in TARIFFUXX <=1.4 (CVE-2025-10682) with mitigations.

Urgent guide to mitigating WordPress authenticated admin arbitrary file uploads in Demo Import Kit

Stored XSS in WP BookWidgets <=0.9 exposed to Contributor users; mitigation guide with WP-Firewall

Urgent guide to CVE-2025-11701 Zip Attachments vulnerability, unauthenticated disclosure, and mitigations.

Urgent WordPress CVE-2025-11177 unauthenticated SQLi guide for External Login plugin remediation

Urgent advisory Oceanpayment Gateway <=6.0 unauthenticated order status updates and mitigations

Urgent WordPress security guide: mitigate unauthenticated OwnID Passwordless login bypass CVE-2025-10294 <=1.3.4

Urgent patch and mitigation guide for WPBakery stored XSS CVE-2025-11160