Patchstack Reports 50% Increase in WordPress Plugin Vulnerabilities in Q1 2026
Patchstack has reported a significant increase in WordPress plugin vulnerabilities during the first quarter of 2026. According to…
Category
Security
WordPress 6.8 Security Enhancements: What’s New and What Changed
WordPress 6.8 introduces several important security improvements that site owners should be aware of. While not a major…
CVE-2025-14627: SSRF Vulnerability in WP Import Plugin (CVSS 6.4)
A Server-Side Request Forgery 2026 WordPress Security Threats report (SSRF) vulnerability has been discovered in the WP Import…
CVE-2025-14072: Ninja Forms Access Token Generation Vulnerability
The Ninja Forms plugin for WordPress has an access token generation issue. It is tracked as CVE-2025-14072 with…
CVE-2025-14124: SQL Injection in Team WordPress Plugin (CVSS 8.6)
A SQL injection vulnerability has appeared in the Team WordPress plugin. Tracked as CVE-2025-14124 with a CVSS score…
CVE-2025-14998: Critical Account Takeover in Branda (Ultimate Branding) Plugin (CVSS 9.8)
CVE-2026-4123 Branda Account Takeover. A critical privilege escalation vulnerability has been discovered in the Branda plugin for WordPress,…
CVE-2025-13820: Authentication Bypass in Comments Plugin via Disqus Login
A critical authentication bypass CVE-2026-4119 Create DB Tables vulnerability vulnerability has been discovered in the Comments WordPress plugin,…
CVE-2026-1555 – Unauthenticated File Upload in WebStack Theme Gives Attackers Full Server Access
If you run a WordPress site using the WebStack theme, there is no patch available for a critical…
CVE-2025-4665: Pre-Authentication SQL Injection in CFDB7 Puts 600,000+ WordPress Sites at Risk
A critical SQL injection flaw (CVSS 9.6) in the Contact Form CFDB7 Database Addon plugin allows unauthenticated attackers…
My WordPress Site Was Hacked – Here’s Exactly What to Do
A step-by-step incident response guide for hacked WordPress sites. From locking down access and scanning for malware to…