wordpress

[CVE-2023-2921] WordPress Short URL Secure WordPress Short URL Plugin from SQL Injection Risks

July 10, 2025 by admin

A critical SQL Injection vulnerability affects WordPress Short URL plugin versions up to 1.6.8, allowing attackers with subscriber access to execute harmful SQL commands. No patch is available yet. Disable the plugin and apply security measures immediately.

CVE-2025-3455 [1 Click WordPress Migration Plugin] Secure Your WordPress Migration from Unauthorized File Uploads

May 9, 2025 by admin

A severe vulnerability (CVE-2025-3455) in the “1 Click WordPress Migration” plugin allows authenticated users to upload harmful files. With no patch available, urgent mitigation is needed to prevent site takeovers and data theft. Ensure robust defenses and consider using a managed WAF like WP-Firewall for real-time protection.

Contact us to schedule a complimentary WordPress Security consultation