CVE-2025-13153: Stored XSS in Logo Slider WordPress Plugin (CVSS 6.1)
A Cross-Site Scripting (XSS) vulnerability has been discovered in the Logo Slider WordPress plugin. Tracked as CVE-2025-13153 with…
A Cross-Site Scripting (XSS) vulnerability has been discovered in the Logo Slider WordPress plugin. Tracked as CVE-2025-13153 with…
CVE-2025-12685 WPBookit CSRF Privilege Escalation. A Cross-Site Request Forgery (CSRF) vulnerability affects the WPBookit WordPress plugin. Tracked as…
CVE-2025-14047 WP User Frontend SQL Injection. An unauthorized data loss vulnerability affects the WP User Frontend plugin for…
A missing capability check vulnerability affects the My Sticky Elements plugin for WordPress. Tracked as CVE-2025-14428 with a…
Patchstack has reported a significant increase in WordPress plugin vulnerabilities during the first quarter of 2026. According to…
WordPress 6.8 introduces several important security improvements that site owners should be aware of. While not a major…
A Server-Side Request Forgery 2026 WordPress Security Threats report (SSRF) vulnerability has been discovered in the WP Import…
The Ninja Forms plugin for WordPress has an access token generation issue. It is tracked as CVE-2025-14072 with…
A SQL injection vulnerability has appeared in the Team WordPress plugin. Tracked as CVE-2025-14124 with a CVSS score…
CVE-2026-4123 Branda Account Takeover. A critical privilege escalation vulnerability has been discovered in the Branda plugin for WordPress,…