Printeers Print and Ship Directory Traversal Advisory//Published on 2025-08-27//CVE-2025-48081
Directory traversal in Printeers Print and Ship plugin (CVE-2025-48081) and defensive mitigations for WordPress
Authenticated Stored XSS in Migration Plugin//Published on 2025-08-26//CVE-2025-8490
CVE-2025-8490 stored XSS in All-in-One WP Migration; risks and fixes.
Authenticated Stored XSS in Lazy Load Videos//Published on 2025-08-26//CVE-2025-7732
Stored XSS in Lazy Load for Videos plugin on WordPress; update to 2.18.8 now
Regex Vulnerability Enables Stored XSS in SiteSEO//Published on 2025-08-26//CVE-2025-9277
SiteSEO 1.2.7 stored XSS CVE-2025-9277 in WordPress; update to 1.2.8.
Dokan Pro Authenticated Vendor Privilege Escalation//Published on 2025-08-26//CVE-2025-5931
Dokan Pro CVE-2025-5931: vendor privilege escalation, patch 4.0.6, and incident response.
Authenticated Path Traversal in Custom Query Shortcode//Published on 2025-08-25//CVE-2025-8562
Urgent patch for WordPress Custom Query Shortcode traversal CVE-2025-8562; upgrade to 0.5.0 and mitigate
Authenticated Subscriber Privilege Escalation in Event List//Published on 2025-08-25//CVE-2025-6366
Urgent guide to patch CVE-2025-6366 in Event List plugin and harden WordPress
CSRF漏洞使自动插件中的存储型XSS攻击生效//发布于2025年8月25日//CVE-2025-6247
紧急 CVE-2025-6247 指南:WordPress 自动 CSRF 存储型 XSS,更新至 3.119.0 和 WAF 缓解措施。
Vibes插件中存在未经身份验证的SQL注入漏洞//发布于2025年8月25日//CVE-2025-9172
Vibes 插件中未经身份验证的 SQL 注入漏洞 CVE-2025-9172,WordPress 网站需要进行重要修复
简体中文 
English 
香港中文 
繁體中文 
日本語 
Español 
Français 
العربية 
हिन्दी 
বাংলা 
한국어 
Italiano 
Português 
Nederlands 
Tiếng Việt 
Русский 
Polski 
Deutsch 
Dansk