CVE-2025-22288 - How Path Traversal Vulnerability in WPMU DEV Smush Plugin Can Expose Your WordPress
Security researchers found a critical weakness in millions of WordPress websites using the popular Smush Image Compression and Optimization plugin, published by WPMU DEV. This
CVE-2025-47437 - SSRF in LiteSpeed Cache (All Versions through 7..1) — Exploit & Analysis
A brand new security hole has been found in LiteSpeed Technologies' LiteSpeed Cache plugin (versions up to 7..1). This vulnerability, tracked as CVE-2025-47437,
CVE-2025-58794 - CSRF Vulnerability in Notification for Telegram (Up to 3.4.6) – How Attackers Can Exploit Your Site
The security world has spotted a major flaw in the popular Notification for Telegram plugin, which affects versions up to 3.4.6. Tracked as
CVE-2025-47539 - Incorrect Privilege Assignment in Themewinter Eventin Lets Users Escalate Privileges
If you build WordPress sites with events, you may have heard of the Eventin plugin by Themewinter. It helps you manage events with booking features,
CVE-2024-9771 - How a Stored XSS in WP-Recall Plugin Let Admins Attack WordPress Sites Even Without “Unfiltered HTML”
A significant security bug, tracked as CVE-2024-9771, was discovered in the popular WP-Recall WordPress plugin. This vulnerability affects all versions before 16.26.12. What
Episode
00:00:00
00:00:00