Zip Attachments Plugin Authorization Bypass Risk//Published on 2025-10-15//CVE-2025-11701
Urgent guide to CVE-2025-11701 Zip Attachments vulnerability, unauthenticated disclosure, and mitigations.
ÉQUIPE DE SÉCURITÉ WP-FIREWALL
External Login Plugin Unauthenticated SQL Injection Risk//Published on 2025-10-15//CVE-2025-11177
Urgent WordPress CVE-2025-11177 unauthenticated SQLi guide for External Login plugin remediation
Critical Oceanpayment Plugin Allows Order Status Tampering//Published on 2025-10-15//CVE-2025-11728
Urgent advisory Oceanpayment Gateway <=6.0 unauthenticated order status updates and mitigations
Critical OwnID Passwordless Plugin Authentication Bypass//Published on 2025-10-15//CVE-2025-10294
Urgent WordPress security guide: mitigate unauthenticated OwnID Passwordless login bypass CVE-2025-10294 <=1.3.4
Critical WPBakery Stored Cross Site Scripting Risk//Published on 2025-10-15//CVE-2025-11160
Urgent patch and mitigation guide for WPBakery stored XSS CVE-2025-11160
Authenticated Stored XSS in Ova Advent Plugin//Published on 2025-10-15//CVE-2025-8561
Ova Advent stored XSS advisory with WP-Firewall mitigations and patch guidance.
FunKItools CSRF Enables Settings Takeover//Published on 2025-10-15//CVE-2025-10301
Guide for WordPress admins on FunKItools CSRF vulnerability CVE-2025-10301 and practical WAF mitigations.
US Security Advisory WPBakery Stored XSS Risk//Published on 2025-10-15//CVE-2025-11161
CVE-2025-11161 stored XSS in WPBakery; upgrade to 8.7 or apply WAF patch
Critical Authenticated SQL Injection in onOffice Plugin//Published on 2025-10-15//CVE-2025-10045
Explains authenticated SQL injection in onOffice for WP-Websites plugin and practical mitigations
Authenticated Stored XSS in URLYar Plugin//Published on 2025-10-15//CVE-2025-10133
Authenticated stored XSS in URLYar <=1.1.0 CVE-2025-10133 with mitigations and WP Firewall protections
Français 
English 
简体中文 
香港中文 
繁體中文 
日本語 
Español 
العربية 
हिन्दी 
বাংলা 
한국어 
Italiano 
Português 
Nederlands 
Tiếng Việt 
Русский 
Polski 
Deutsch 
Dansk