CVE-2025-1028 - Remote Code Execution via Arbitrary File Upload in Contact Manager for WordPress (up to 8.6.4)
On June 13, 2024, a serious vulnerability—CVE-2025-1028—was disclosed in the popular “Contact Manager” WordPress plugin, affecting all versions up to, and including, 8.
CVE-2025-0466 - Breaking Down the Sensei LMS WordPress Plugin Information Leak (Before Version 4.24.4)
WordPress powers much of the web. With so many sites relying on plugins, vulnerabilities can ripple through the ecosystem fast. Today, let’s talk about
CVE-2024-12041 - Unauthenticated User Data Exposure in The Directorist WordPress Plugin (<= 8..12) – Full Breakdown, Code Demo, and Remediation
In February 2024, a serious vulnerability was discovered in the popular WordPress plugin Directorist: AI-Powered Business Directory with Classified Ads Listings. The flaw, tagged CVE-2024-12041,
CVE-2024-13101 - Stored XSS Vulnerability in WP MediaTagger WordPress Plugin Explained
WordPress plugins make our lives easier, but sometimes even popular plugins can have security holes. In this post, we’ll take a close look at
CVE-2024-13742 - PHP Object Injection in iControlWP Plugin—What You Need to Know
In February 2024, security researchers discovered a serious vulnerability in the popular iControlWP – Multiple WordPress Site Manager plugin, identified as CVE-2024-13742. This bug allows unauthenticated
Episode
00:00:00
00:00:00