Posts in category wordpress

• 2026-05-24 CVE-2026-8679: AudioIgniter IDOR Exposes Private Playlist Data (CVSS 7.5)
• 2026-05-24 CVE-2026-9011: Ditty Plugin Exposes Non-Public Content to Anyone (CVSS 7.5)
• 2026-05-19 CVE-2026-8719: AI Engine Privilege Escalation via MCP OAuth (CVSS 8.8)
• 2026-05-18 CVE-2026-6403: Unauthenticated File Read in Quick Playground (CVSS 7.5)
• 2026-05-17 CVE-2026-5229: Form Notify Auth Bypass via LINE OAuth Callback (CVSS 9.8)
• 2026-05-16 CVE-2026-4094: FOX Currency Switcher Config Deletion (CVSS 8.1)
• 2026-05-15 CVE-2026-3718: ManageWP Worker Unauthenticated Stored XSS (CVSS 7.2)
• 2026-05-14 CVE-2026-6271: Unauthenticated RCE in Career Section Plugin (CVSS 9.8)
• 2026-05-13 CVE-2026-8181: Auth Bypass to Admin Takeover in Burst Statistics Plugin (CVSS 9.8)
• 2026-05-12 CVE-2026-3892: Motors Plugin Arbitrary File Deletion (CVSS 8.1)
• 2026-05-11 CVE-2026-5395: Fluent Forms <= 6.2.0 IDOR Exposes Form Entries (CVSS 8.2)
• 2026-05-10 CVE-2026-7330: Stored XSS in Auto Affiliate Links Plugin
• 2026-05-09 CVE-2026-6929: JoomSport Unauthenticated SQL Injection (CVSS 7.5)
• 2026-05-08 CVE-2026-5396: Fluent Forms Authorization Bypass via form_id (CVSS 8.2)
• 2026-05-07 CVE-2026-42668: Omnisend WooCommerce Account Takeover (CVSS 7.5)
• 2026-05-06 CVE-2026-4029: Unauthenticated DB Export in WP Database Backup (CVSS 7.5)
• 2026-05-05 CVE-2026-6320: Arbitrary File Read in Salon Booking System
• 2026-05-04 CVE-2026-5324: Unauthenticated XSS in Brizy Page Builder
• 2026-05-03 CVE-2026-5063: Stored XSS in NEX-Forms via Form Submission
• 2026-05-02 CVE-2026-4019: Unauthenticated Private Post Content Disclosure In Complianz Plugin
• 2026-04-30 CVE-2026-6741: Critical Privilege Escalation in LatePoint Plugin (CVSS 8.8)
• 2026-04-29 CVE-2026-5364: Unauthenticated Arbitrary PHP Upload in CF7 Drag and Drop Plugin
• 2026-04-28 CVE-2026-6393: Authenticated Missing Authorization in BetterDocs Plugin
• 2026-04-27 CVE-2026-5428: Authenticated Stored XSS in Royal Elementor Addons Plugin
• 2026-04-26 Mailpit: Capture & Inspect Emails Locally for WordPress, Laravel, and PHP
• 2026-04-25 CVE-2026-3844: Unauthenticated Arbitrary File Upload To RCE in Breeze Cache Plugin (CVSS 9.8)
• 2026-04-24 CVE-2026-4388: Unauthenticated Stored XSS in Form Maker by 10Web Plugin
• 2026-04-22 CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
• 2026-04-21 CVE-2026-2262: Easy Appointments Data Exposure via REST API
• 2026-04-20 CVE-2026-5478: Path Traversal File Read in Everest Forms
• 2026-04-19 CVE-2025-14868: CSRF File Deletion in Career Section Plugin
• 2026-04-18 CVE-2026-2834: Unauthenticated Stored XSS in Token of Trust Plugin
• 2026-04-17 CVE-2026-4365: Arbitrary Quiz Answer Deletion in LearnPress (CVSS 9.1)
• 2026-04-16 CVE-2026-5231: Stored XSS via utm_source in WP Statistics
• 2026-04-15 CVE-2026-4880: Barcode Scanner Plugin Privilege Escalation
• 2026-04-14 CVE-2026-3017: PHP Object Injection in Smart Post Show
• 2026-04-13 CVE-2025-15027: Privilege Escalation in JAY Login & Register (CVSS 9.8)
• 2026-04-12 CVE-2025-68043: Missing Authorization in LottieFiles Plugin (CVSS 9.8)
• 2026-04-11 CVE-2026-3124: Download Monitor Unauthenticated IDOR To Order Theft
• 2026-04-10 CVE-2026-3360: Tutor LMS Unauthenticated Billing Overwrite (CVSS 7.5)
• 2026-04-09 CVE-2026-3296: PHP Object Injection in Everest Forms (CVSS 9.8)
• 2026-04-08 CVE-2026-2942: Arbitrary File Upload in ProSolution WP Client
• 2026-04-07 CVE-2026-4003: CVSS 9.8 Privilege Escalation in Users Manager PN
• 2026-04-06 CVE-2025-15488: Unauthenticated Code Injection in Responsive Plus
• 2026-04-04 CVE-2026-1233: Hardcoded MySQL Credentials in TTS Plugin
• 2026-04-02 CVE-2026-5130: Debugger & Troubleshooter Unauthenticated Account Takeover
• 2026-03-31 CVE-2026-4267: Unauthenticated Reflected XSS in Query Monitor Plugin
• 2026-03-30 CVE-2026-4257: SSTI to RCE in Contact Form by Supsystic
• 2026-03-29 CVE-2026-4987: Unauthenticated Payment Bypass in SureForms
• 2026-03-28 CVE-2026-3584: Kali Forms Unauthenticated RCE & Admin Takeover
• 2026-03-02 CVE-2026-1357: Unauthenticated RCE in WPvivid Backup Plugin (CVSS 9.8)
• 2026-03-01 CVE-2026-27384: Unauthenticated RCE in W3 Total Cache
• 2026-01-14 CVE-2026-23550: CVSS 10 Privilege Escalation in Modular DS
• 2026-01-10 WordPress Action and Filter Hooks: A Developer's Guide
• 2025-12-18 SQA Career in WordPress: A Complete Ecosystem Guide
• 2025-12-07 What Is WordPress? A Complete Beginner's Guide [2026]
• 2025-12-06 CVE-2025-12352: Arbitrary File Upload in Gravity Forms
• 2025-12-05 CVE-2025-12493: Local PHP File Inclusion in ShopLentor
• 2025-12-04 CVE-2025-11749: Privilege Escalation in AI Engine Plugin
• 2025-12-03 CVE-2025-13597: Arbitrary File Upload in AI Feeds Plugin
• 2025-12-01 CVE-2025-11457: Privilege Escalation in EasyCommerce Plugin
• 2025-11-18 WordPress Bug Bounty: Best Resources for Security Researchers
• 2025-11-17 3 Powerful AI Prompts for WordPress SQA Engineers
• 2025-11-10 CSS Combinators Explained: Types, Syntax & Use Cases
• 2025-10-02 CVE-2025-58246: My Contribution to WordPress 6.8.3 Security
• 2025-09-20 tag_escape() in WordPress: Secure HTML Escaping Guide
• 2025-09-02 CVE-2025-58196: XSS in WordPress UiCore Elements Plugin
• 2025-09-01 CVE-2025-55715: Sensitive Info Exposure Affecting 300K+ Sites
• 2025-08-28 CVE-2025-54708: Stored XSS in WordPress B-Blocks Plugin
• 2025-08-28 Escaping vs. Sanitization in WordPress: A Developer’s Guide
• 2025-08-26 WordPress Security: My July 2025 CVE Contribution Recap
• 2025-04-15 Check WordPress Plugin Compatibility with wp-since on xCloud
• 2025-03-01 10 Common WordPress Mistakes to Avoid (Beginner’s FAQ Guide)