Latest WordPress Plugin Vulnerabilities

Authenticated Path Traversal in Custom Query Shortcode // Published on 2025-08-25 // CVE-2025-8562

Urgent patch for the WordPress Custom Query Shortcode path traversal (CVE-2025-8562): upgrade to 0.5.0 and apply mitigations

Authenticated Subscriber Privilege Escalation in Event List // Published on 2025-08-25 // CVE-2025-6366

Urgent guide to patch CVE-2025-6366 in the Event List plugin and harden WordPress

CSRF Enables Stored XSS in Automatic Plugin // Published on 2025-08-25 // CVE-2025-6247

Urgent CVE-2025-6247 guide: CSRF leading to stored XSS in WordPress Automatic; update to 3.119.0 and apply WAF mitigation.

Unauthenticated SQL Injection in Vibes Plugin // Published on 2025-08-25 // CVE-2025-9172

Unauthenticated SQL injection in the Vibes plugin (CVE-2025-9172): essential fixes for WordPress sites

Tourfic Plugin Lacks Authorization Controls Across Functions // Published on 2025-08-25 // CVE-2024-8860

Tourfic CVE-2024-8860 vulnerability explained with mitigations and WP-Firewall guidance

Critical CSRF in Post Type Converter Plugin // Published on 2025-08-25 // CVE-2025-48303

WordPress CSRF CVE-2025-48303 for Post Type Converter: risks, mitigations, and WAF guidance

CSRF Enables Stored XSS in Twitter Widget // Published on 2025-08-23 // CVE-2025-48321

Urgent: CSRF to stored XSS in Ultimate Twitter Profile Widget (CVE-2025-48321), with fixes and protections

CSRF Allows Settings Tampering in Duoshuo Plugin // Published on 2025-08-23 // CVE-2025-48318

CSRF vulnerability in the Duoshuo WordPress plugin (CVE-2025-48318) explained, with mitigations

Baidu Share Plugin CSRF Enables Stored XSS // Published on 2025-08-23 // CVE-2025-48320

CVE-2025-48320: BaiduShare WordPress plugin CSRF to stored XSS, mitigation and remediation guide

Critical XSS in Mesa Reservation Widget Plugin // Published on 2025-08-23 // CVE-2025-48319

WordPress Mesa Reservation Widget stored XSS CVE-2025-48319: detection, containment, and remediation.