WordPress - CVE CyberSecurity Database News (Page 4)

Mar 4, 2025 WordPress Exploit PHP

CVE-2025-0912 - WordPress Donations Widget PHP Object Injection Vulnerability in All Versions up to and Including 3.19.4

Researchers have discovered a PHP Object Injection vulnerability in the Donations Widget plugin for WordPress, which could potentially lead to remote code execution. The plugin

Mar 1, 2025 WordPress Exploit

CVE-2025-1671 - Privilege Escalation Vulnerability in the Academist Membership Plugin for WordPress

In the world of WordPress plugins, security is of utmost importance. Unfortunately, not all plugins are created equally, and some, like the Academist Membership plugin

Feb 28, 2025 XSS WordPress API Exploit

CVE-2025-1319 - WordPress Site Mailer Plugin Vulnerability: Stored Cross-Site Scripting in Email API Deliverability & Email Log

As per the recent security update, the Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress has been found to be

Feb 28, 2025 WordPress Exploit

CVE-2024-10860: A Warning to WordPress Users – Unauthorized Submission of Data in NextMove Lite – Thank You Page for WooCommerce Plugin

--- Are you using the NextMove Lite – Thank You Page for WooCommerce plugin for enhancing your WordPress website's customer experience? If so, you

Feb 28, 2025 CSRF WordPress API Exploit

CVE-2025-0801 - Unauthenticated Remote API Key Update for RateMyAgent Official WordPress Plugin

The RateMyAgent Official plugin for WordPress (versions up to, and including, 1.4.) suffers from a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability specifically affects