সর্বশেষ ওয়ার্ডপ্রেস প্লাগইন দুর্বলতা

2025 10 03backup boltcve202510306

Authenticated Admin Arbitrary File Download Vulnerability//Published on 2025-10-03//CVE-2025-10306

WordPress Backup Bolt CVE-2025-10306 detection, mitigation, WAF guidance, incident response.

2025 10 03notification barcve20259895 1

Critical CSRF Vulnerability in Notification Bar Plugin//Published on 2025-10-03//CVE-2025-9895

WordPress Notification Bar CSRF vulnerability CVE-2025-9895 with practical mitigations

2025 10 03restrict user registrationcve20259892

Critical CSRF Vulnerability in WordPress Registration Plugin//Published on 2025-10-03//CVE-2025-9892

CVE-2025-9892 CSRF in Restrict User Registration: detection, mitigations, and WP-Firewall protection

2025 10 03contentmx content publishercve20259889

Critical CSRF Flaw in ContentMX Plugin//Published on 2025-10-03//CVE-2025-9889

Urgent CSRF flaw CVE-2025-9889 in ContentMX Content Publisher <=1.0.6 and WP-Firewall defenses

2025 10 03notification barcve20259895

Critical CSRF Advisory Notification Bar Plugin//Published on 2025-10-03//CVE-2025-9895

Urgent CSRF advisory for Notification Bar plugin CVE-2025-9895 with immediate mitigations and WAF guidance

2025 10 03mobile site redirectcve20259884 1

Mobile Site Redirect Plugin CSRF Enables Stored XSS//Published on 2025-10-03//CVE-2025-9884

Security guide for CSRF-driven stored XSS in Mobile Site Redirect (<=1.2.1) CVE-2025-9884

2025 10 03joomsportcve20257721 1

Unauthenticated JoomSport Directory Traversal Enables LFI//Published on 2025-10-03//CVE-2025-7721

Urgent CVE-2025-7721 LFI in JoomSport <=5.7.3; patch to 5.7.4 now.

2025 10 03meks easy mapscve20259206

Critical Meks Easy Maps Contributor Stored XSS//Published on 2025-10-03//CVE-2025-9206

Auth stored XSS in Meks Easy Maps <=2.1.4: risk, detection, mitigation, and WP-Firewall protection

2025 10 03woo superb slideshow transition gallery with random effectcve20259199

Critical Authenticated SQL Injection in Slideshow Plugin//Published on 2025-10-03//CVE-2025-9199

Authenticated SQL injection in Woo superb slideshow plugin CVE-2025-9199 with mitigation guidance

2025 10 03wp cycle text announcementcve20259198

Authenticated Contributor SQL Injection in WordPress Plugin//Published on 2025-10-03//CVE-2025-9198

Authenticated SQL injection in WP Cycle Text Announcement <=8.1; guidance for owners and developers