CVE-2024-28000: Critical Unauthenticated Privilege Escalation in LiteSpeed Cache (5 Million+ Sites)
CVE-2024-28000 is a critical (CVSS 9.8) unauthenticated privilege escalation flaw in LiteSpeed Cache, a plugin on 5,000,000+ WordPress…
Category
CVE
Security vulnerability reports and CVE analysis for WordPress plugins, themes, and core.
CVE-2025-47577: Critical Arbitrary File Upload in TI WooCommerce Wishlist Puts 100,000+ Stores at Risk (CVSS 10.0)
A CVSS 10.0 arbitrary file upload flaw in TI WooCommerce Wishlist let unauthenticated attackers upload PHP files and…
3 Critical WordPress Plugin Vulnerabilities Patched in Just 9 Days
3 Critical WordPress Plugin Vulnerabilities Patched in Just 9 Days The WordPress security landscape has seen an intense…
CVE-2026-7567 – Critical Authentication Bypass in Temporary Login Plugin (CVSS 9.8)
CVE-2026-7567 – Critical Authentication Bypass in Temporary Login Plugin (CVSS 9.8) A critical vulnerability has been discovered in…
CVE-2025-7384: PHP Object Injection in Database for Contact Form 7 Plugin (CVSS 9.8)
A critical PHP Object Injection flaw (CVE-2025-7384, CVSS 9.8) in the Database for Contact Form 7, WPforms, and…
Critical Arbitrary File Move in MW WP Form Plugin
Introduction The MW WP Form plugin helps WordPress site owners build custom forms. It supports file uploads, data…
Reflected XSS in reCaptcha by WebDesignBy Plugin
A cross-site scripting vulnerability affects reCaptcha by WebDesignBy. This WordPress plugin adds Google reCAPTCHA to your forms. CVE-2026-4512…
Stored Cross-Site Scripting in Social Rocket Plugin
Overview of CVE-2026-1923 A stored Cross-Site Scripting vulnerability affects the Social Rocket plugin. This flaw has a CVSS…
Missing Authorization in HT Mega Addons for Elementor
A missing authorization vulnerability affects HT Mega Addons for Elementor. This WordPress plugin has over 200,000 active installations.…
Stored Cross-Site Scripting in ITERAS Plugin
Overview of CVE-2026-4078 A stored Cross-Site Scripting vulnerability affects the ITERAS plugin. This flaw has a CVSS score…