WP-FIREWALL SECURITY TEAM

WordPress ServerBuddy CSRF to PHP Object Injection//Published on 2025-08-16//CVE-2025-49895

Critical ServerBuddy CSRF to PHP Object Injection vulnerability in WordPress with immediate remediation guide

Security advisory: directory traversal in Contact Form 7 drag-and-drop uploads, fix 1.3.9.1

Soledad LFI CVE-2025-8142: urgent fixes, mitigations, and WAF guidance.

Explains CVE-2025-8089 stored XSS in Advanced iFrame, impact, detection, mitigations, and WP-Firewall protection

Soledad CVE-2025-8143 stored XSS: update to 8.6.8 and strengthen with WAF

Urgent ProfilePress CVE-2025-8878 unauthenticated shortcode execution; update to 4.16.5.

Soledad theme CVE-2025-8105 unauthenticated shortcode risk, detection, patching and WP-Firewall protection

Urgent: Patch Profile Builder CVE-2025-8896 stored XSS to 3.14.4; mitigations and WAF tips.

Critical BetterDocs private content exposure CVE-2025-7499: patch to 4.1.2 and mitigations.

Critical WPGYM LFI CVE-2025-3671 exploit guide with urgent mitigations and WAF patches