security

CVE-2025-8317Custom Word Cloud Secure WordPress Custom Word Cloud Plugin from Cross-Site Scripting

August 3, 2025 by WP-FIREWALL SECURITY TEAM

A critical security alert reveals a stored XSS vulnerability in the Custom Word Cloud plugin for WordPress, affecting versions 0.3 and below. Learn about the risks, mitigation strategies, and why proactive defenses are crucial to safeguard your site.

(CVE-2025-8216) Sky Addons for Elementor Security Flaw in WordPress Sky Addons Widgets

July 29, 2025 by WP-FIREWALL SECURITY TEAM

Discover the pressing security vulnerability affecting the Sky Addons for Elementor plugin up to version 3.1.4. Learn how to shield your WordPress site against stored cross-site scripting (XSS) threats. Prioritize updates, manage user permissions, and enhance your protection with firewalls and scanning tools for a safer online presence.

(CVE-2015-10143) Secure WordPress Themes Against Unauthorized Options Updates

July 29, 2025 by WP-FIREWALL SECURITY TEAM

A critical vulnerability in the Platform WordPress theme (versions <1.4.4) allows unauthorized option updates, risking full site compromise. Immediate theme update and security measures are crucial to protect your site.

[CVE-2025-6053] Zuppler Online Ordering Protect Your WordPress Site from CSRF and XSS Risks

July 20, 2025 by WP-FIREWALL SECURITY TEAM

A serious vulnerability in the Zuppler Online Ordering plugin (up to v2.1.0) poses a threat to WordPress sites through CSRF and stored XSS exploits. Without an official patch, site owners must take immediate action to secure their websites, such as deactivating the plugin and employing a managed WAF.

[CVE-2025-5396] Bears Backup WordPress Backup Plugin Vulnerability Exposes Remote Code Risk

July 16, 2025 by WP-FIREWALL SECURITY TEAM

Urgent guide on Bears Backup plugin RCE vulnerability, risks, and essential protection strategies

[CVE-2025-6691] SureForms – Prevent Unauthorized File Deletion in WordPress SureForms

July 10, 2025 by WP-FIREWALL SECURITY TEAM

WordPress sites using the SureForms plugin up to version 1.7.3 face a critical security threat due to a vulnerability allowing unauthenticated file deletions. Update immediately to version 1.7.4 or later to protect your site.

[CVE-2025-6976] Event Manager – Secure Your Site Against XSS in WordPress Event Manager

July 10, 2025 by WP-FIREWALL SECURITY TEAM

Protect your WordPress site from the critical XSS vulnerability in Events Manager plugin (versions 7.0.3 and earlier). Update to version 7.0.4 to secure your site against script injections and possible exploits.

[CVE-2023-2921] WordPress Short URL Secure WordPress Short URL Plugin from SQL Injection Risks

July 10, 2025 by WP-FIREWALL SECURITY TEAM

A critical SQL Injection vulnerability affects WordPress Short URL plugin versions up to 1.6.8, allowing attackers with subscriber access to execute harmful SQL commands. No patch is available yet. Disable the plugin and apply security measures immediately.

[CVE-2025-3780] WCFM Protect WooCommerce Frontend Manager from Unauthorized Access

July 9, 2025 by WP-FIREWALL SECURITY TEAM

A critical vulnerability in the WCFM WooCommerce plugin allows unauthorized attackers to alter settings, potentially compromising your site. Update to version 6.7.17 immediately to safeguard your online store.

CVE-2025-3455 [1 Click WordPress Migration Plugin] Secure Your WordPress Migration from Unauthorized File Uploads

May 9, 2025 by WP-FIREWALL SECURITY TEAM

A severe vulnerability (CVE-2025-3455) in the “1 Click WordPress Migration” plugin allows authenticated users to upload harmful files. With no patch available, urgent mitigation is needed to prevent site takeovers and data theft. Ensure robust defenses and consider using a managed WAF like WP-Firewall for real-time protection.

Contact us to schedule a complimentary WordPress Security consultation