সর্বশেষ ওয়ার্ডপ্রেস প্লাগইন দুর্বলতা

2025 08 22case theme usercve20255821

Case Theme User Plugin Authentication Bypass//Published on 2025-08-22//CVE-2025-5821

Critical CVE-2025-5821: WordPress Case Theme User plugin social-login bypass; update to 1.0.4 now

2025 08 22wptobe membershipscve20259048

Critical Wptobe Memberships Authenticated File Deletion//Published on 2025-08-22//CVE-2025-9048

Urgent WordPress CVE-2025-9048 WPtobe-memberships subscriber file deletion mitigation and incident response

2025 08 22restore permanently delete post or page datacve20257839

Critical CSRF in Restore Permanently Delete Plugin//Published on 2025-08-22//CVE-2025-7839

Urgent CSRF flaw in Restore Permanently delete Post or Page Data plugin with mitigations

2025 08 22ws theme addonscve20258062

Authenticated Stored XSS in WS Theme Addons//Published on 2025-08-22//CVE-2025-8062

Authenticated stored XSS in WS Theme Addons ws_weather shortcode with practical mitigations.

2025 08 22shortcodehub multipurpose shortcode buildercve20257957

ShortcodeHub Authenticated Stored Cross Site Scripting//Published on 2025-08-22//CVE-2025-7957

Urgent stored XSS in ShortcodeHub up to version 1.7.1 CVE-2025-7957 WordPress

2025 08 22ni woocommerce customer product reportcve20257827

Ni WooCommerce Customer Product Report Authorization Bypass//Published on 2025-08-22//CVE-2025-7827

CVE-2025-7827: Broken access control in Ni WooCommerce Customer Product Report enables subscriber settings update.

2025 08 22wp filter combine rss feedscve20257828

Missing Authorization Allows Contributor Feed Deletion//Published on 2025-08-22//CVE-2025-7828

WP-Firewall advisory on CVE-2025-7828 enabling contributor feed deletions; actionable mitigations

2025 08 22wp talroocve20258281

Critical Reflected XSS in WP Talroo Plugin//Published on 2025-08-22//CVE-2025-8281

Explains WP Talroo CVE-2025-8281 reflected XSS and how WP-Firewall protects WordPress sites