WordPress Cron Security: How to Protect wp-cron.php and Scheduled Tasks
WordPress uses a built-in cron system (wp-cron.php) to schedule tasks like checking for updates, publishing scheduled posts, running…
Blog
CVE-2025-13456: Reflected XSS in ShopBuilder WooCommerce Plugin (CVSS 6.1)
A Reflected Cross-Site Scripting vulnerability has been discovered in the ShopBuilder WordPress plugin for WooCommerce. Tracked as CVE-2025-13456…
CVE-2025-13153: Stored XSS in Logo Slider WordPress Plugin (CVSS 6.1)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the Logo Slider WordPress plugin. Tracked as CVE-2025-13153 with…
CVE-2025-12685: CSRF Vulnerability in WPBookit Plugin Allows Customer Deletion
CVE-2025-12685 WPBookit CSRF Privilege Escalation. A Cross-Site Request Forgery (CSRF) vulnerability affects the WPBookit WordPress plugin. Tracked as…
CVE-2025-14047: Unauthorized Data Loss in WP User Frontend Plugin
CVE-2025-14047 WP User Frontend SQL Injection. An unauthorized data loss vulnerability affects the WP User Frontend plugin for…
CVE-2025-14428: Missing Capability Check in My Sticky Elements Plugin
A missing capability check vulnerability affects the My Sticky Elements plugin for WordPress. Tracked as CVE-2025-14428 with a…
Patchstack Reports 50% Increase in WordPress Plugin Vulnerabilities in Q1 2026
Patchstack has reported a significant increase in WordPress plugin vulnerabilities during the first quarter of 2026. According to…
WordPress 6.8 Security Enhancements: What’s New and What Changed
WordPress 6.8 introduces several important security improvements that site owners should be aware of. While not a major…
CVE-2025-14627: SSRF Vulnerability in WP Import Plugin (CVSS 6.4)
A Server-Side Request Forgery 2026 WordPress Security Threats report (SSRF) vulnerability has been discovered in the WP Import…
CVE-2025-14072: Ninja Forms Access Token Generation Vulnerability
The Ninja Forms plugin for WordPress has an access token generation issue. It is tracked as CVE-2025-14072 with…