Critical stored XSS in TablePress up to 3.2 via shortcode_debug; patch now.

WordPress Ocean Extra stored XSS CVE-2025-9499 guide: patch, WAF, and incident response.

Slider Revolution CVE-2025-9217 authenticated contributor file read; update to 6.7.37 and WAF.

Urgent CSRF CVE-2025-9618 in Related Posts Lite <=1.12; WordPress mitigation and WAF guidance.

CVE-2025-9441 authenticated SQL injection in iATS Online Forms <=1.2; detection and mitigation.