CVE-2025-13820: Authentication Bypass in Comments Plugin via Disqus Login
A critical authentication bypass CVE-2026-4119 Create DB Tables vulnerability vulnerability has been discovered in the Comments WordPress plugin,…
A critical authentication bypass CVE-2026-4119 Create DB Tables vulnerability vulnerability has been discovered in the Comments WordPress plugin,…
If you run a WordPress site using the WebStack theme, there is no patch available for a critical…
A critical SQL injection flaw (CVSS 9.6) in the Contact Form CFDB7 Database Addon plugin allows unauthenticated attackers…
A step-by-step incident response guide for hacked WordPress sites. From locking down access and scanning for malware to…
A missing return-value check in WPvivid Backup and Migration turned a failed RSA decryption into an unauthenticated remote…
CAA records tell the world which Certificate Authorities are allowed to issue SSL certificates for your domain. Here…
A privilege escalation flaw in LatePoint lets users with the Agent role rebind customer records to the site…
A path traversal vulnerability in The Events Calendar (CVE-2026-3585) shows how a skipped update and a lingering author…
A CVSS 9.8 Remote Code Execution flaw in Advanced Custom Fields: Extended left 100,000 WordPress sites open to…
A routine WordPress maintenance check turns up two unfamiliar admin accounts - and a 9.8 CVSS vulnerability hiding…