CVE-2025-7384: PHP Object Injection in Database for Contact Form 7 Plugin (CVSS 9.8)
A critical PHP Object Injection flaw (CVE-2025-7384, CVSS 9.8) in the Database for Contact Form 7, WPforms, and…
Tag
critical vulnerability
The WooCommerce Order Notification Flaw: How a Plugin Exposed 50,000 Stores
The Nightmare Scenario That Became Real Imagine running an online store with 1,000 products. You spent years building…
April 2026 WordPress Vulnerability Roundup: 10 Critical Flaws Patched This Month
April 2026 was a heavy month for WordPress security. Researchers published ten significant CVEs this month. This April…
Critical Arbitrary File Move in MW WP Form Plugin
Introduction The MW WP Form plugin helps WordPress site owners build custom forms. It supports file uploads, data…