Case Theme User Plugin Authentication Bypass//Published on 2025-08-22//CVE-2025-5821
Critical CVE-2025-5821: WordPress Case Theme User plugin social-login bypass; update to 1.0.4 now
Critical CVE-2025-5821: WordPress Case Theme User plugin social-login bypass; update to 1.0.4 now
Urgent WordPress CVE-2025-9048 WPtobe-memberships subscriber file deletion mitigation and incident response
Urgent CSRF flaw in Restore Permanently delete Post or Page Data plugin with mitigations
Authenticated stored XSS in WS Theme Addons ws_weather shortcode with practical mitigations.
Urgent CVE-2025-9131 stored XSS in Ogulo plugin guidance for WordPress site owners
Urgent stored XSS in ShortcodeHub up to version 1.7.1 CVE-2025-7957 WordPress
CVE-2025-7827: Broken access control in Ni WooCommerce Customer Product Report enables subscriber settings update.
WP-Firewall advisory on CVE-2025-7828 enabling contributor feed deletions; actionable mitigations
Explains WP Talroo CVE-2025-8281 reflected XSS and how WP-Firewall protects WordPress sites
WPPizza CVE-2025-57894 broken access control: patch now and harden with WAF