Zip Attachments vulnerability exposes private attachments; fixes, mitigations, and virtual patch guidance

CVE-2025-10312 CSRF in Theme Importer <=1.0 and actionable WordPress protection guidance.

Unauthenticated order status vulnerability in Oceanpayment Gateway version 6.0 or lower; CVE-2025-11728 mitigation guide

Explains CVE-2025-6042 unauthenticated privilege escalation in Lisfinity Core and how WP Firewall protects sites