Subscriber IDOR Permits Wishlist Item Deletion | CVE202512087 | 2025-11-12
Urgent IDOR in Wishlist and Save for later for WooCommerce; update to 1.1.23.
Subscriber IDOR Permits Wishlist Item Deletion | CVE202512087 | 2025-11-12 Read More »
November 2025
Unauthorized Settings Update in Add Multiple Marker | CVE202511999 | 2025-11-10
Urgent: WordPress unauthenticated settings update flaw in Add Multiple Marker plugin (CVE-2025-11999)
Unauthorized Settings Update in Add Multiple Marker | CVE202511999 | 2025-11-10 Read More »
Document Pro Elementor Unauthenticated Information Exposure | CVE202511997 | 2025-11-10
Urgent guide to mitigating unauthenticated data exposure in Document Pro Elementor CVE-2025-11997 with WAF
Document Pro Elementor Unauthenticated Information Exposure | CVE202511997 | 2025-11-10 Read More »
Urgent Security Alert Reflected XSS in FunnelKit | CVE202510567 | 2025-11-09
FunnelKit Funnel Builder XSS CVE-2025-10567: update to 3.12.0.1, WAF protection and hardening steps
Urgent Security Alert Reflected XSS in FunnelKit | CVE202510567 | 2025-11-09 Read More »
Critical Broken Access Control in ZoloBlocks Plugin | CVE202549903 | 2025-11-09
ZoloBlocks CVE-2025-49903 analysis with mitigations WAF rules and incident response guidance
Critical Broken Access Control in ZoloBlocks Plugin | CVE202549903 | 2025-11-09 Read More »
Critical Easy Digital Downloads Order Manipulation Vulnerability | CVE202511271 | 2025-11-08
Urgent WordPress EDD CVE-2025-11271 vulnerability guide and patch guidance
Critical Unauthenticated SQL Injection in Events Calendar | CVE202512197 | 2025-11-08
Essential guide to mitigating CVE-2025-12197 unauthenticated SQL injection in The Events Calendar.
Critical Unauthenticated SQL Injection in Events Calendar | CVE202512197 | 2025-11-08 Read More »
LC Wizard Unauthenticated Privilege Escalation Risk | CVE20255483 | 2025-11-06
Urgent LC Wizard CVE-2025-5483 advisory; upgrade to 1.4.0 or deploy WAF protections.
LC Wizard Unauthenticated Privilege Escalation Risk | CVE20255483 | 2025-11-06 Read More »
Critical IDonate Plugin Account Takeover Risk | CVE20254519 | 2025-11-06
WordPress IDonate vulnerability CVE-2025-4519 enables subscriber privilege escalation; patch 2.1.10 and WAF guide.
Critical IDonate Plugin Account Takeover Risk | CVE20254519 | 2025-11-06 Read More »
Critical Gravity Forms Arbitrary File Upload Vulnerability | CVE202512352 | 2025-11-06
Urgent Gravity Forms CVE-2025-12352 arbitrary file upload risk patch to 2.9.21 now
Critical Gravity Forms Arbitrary File Upload Vulnerability | CVE202512352 | 2025-11-06 Read More »