![[CVE-2025-6053] Zuppler Online Ordering Protect Your WordPress Site from CSRF and XSS Risks cover](https://wp-firewall.com/wp-content/uploads/2025/07/1fa9ab77-a60d-42e6-812b-8c670cb578ee-DdDf4OnK_2000.jpeg)
A serious vulnerability in the Zuppler Online Ordering plugin (up to v2.1.0) poses a threat to WordPress sites through CSRF and stored XSS exploits. Without an official patch, site owners must take immediate action to secure their websites, such as deactivating the plugin and employing a managed WAF.
![[CVE-2025-5396] Bears Backup WordPress Backup Plugin Vulnerability Exposes Remote Code Risk cover](https://wp-firewall.com/wp-content/uploads/2025/07/349babef-dde5-4309-8567-3646d3152c8f-RyRrUExB_2000.jpeg)
Urgent guide on Bears Backup plugin RCE vulnerability, risks, and essential protection strategies
![[CVE-2025-6691] SureForms - Prevent Unauthorized File Deletion in WordPress SureForms cover](https://wp-firewall.com/wp-content/uploads/2025/07/0045e6f4-8c22-4368-8cf7-6f0f904db2e6-XTFfsp3n_2000.jpeg)
WordPress sites using the SureForms plugin up to version 1.7.3 face a critical security threat due to a vulnerability allowing unauthenticated file deletions. Update immediately to version 1.7.4 or later to protect your site.
![[CVE-2025-6976] Event Manager - Secure Your Site Against XSS in WordPress Event Manager cover](https://wp-firewall.com/wp-content/uploads/2025/07/3909c617-8563-4107-b917-6867f05392cc-1Qz7x1u9_2000.jpeg)
Protect your WordPress site from the critical XSS vulnerability in Events Manager plugin (versions 7.0.3 and earlier). Update to version 7.0.4 to secure your site against script injections and possible exploits.
![[CVE-2023-2921] WordPress Short URL Secure WordPress Short URL Plugin from SQL Injection Risks cover](https://wp-firewall.com/wp-content/uploads/2025/07/e277c17e-59d9-4a22-8a53-bbaccc75603c-dWqStHAv_2000.jpeg)
A critical SQL Injection vulnerability affects WordPress Short URL plugin versions up to 1.6.8, allowing attackers with subscriber access to execute harmful SQL commands. No patch is available yet. Disable the plugin and apply security measures immediately.
![[CVE-2025-3780] WCFM Protect WooCommerce Frontend Manager from Unauthorized Access cover](https://wp-firewall.com/wp-content/uploads/2025/07/85eb59f5-fd91-45c1-a66f-e2f6fda9f31b-UPAFo0hl_2000.jpeg)
A critical vulnerability in the WCFM WooCommerce plugin allows unauthorized attackers to alter settings, potentially compromising your site. Update to version 6.7.17 immediately to safeguard your online store.
WP-Firewall
6/F, The Rays, 71 Hung To Road, Kwun Tong, Kowloon, Hong Kong
© 2025 WP-Firewall™
English 
简体中文 
香港中文 
繁體中文 
日本語 
Español 
Français 
العربية 
हिन्दी 
বাংলা 
한국어 
Italiano 
Português 
Nederlands 
Tiếng Việt 
Русский 
Polski 
Deutsch 
Dansk