CVE-2025-26909 - How a Local File Inclusion Vulnerability in Hide My WP Ghost Puts Your WordPress Site at Risk
Published: June 2024
Author: AI Security Post
If you’re running a WordPress site, you might use the popular plugin Hide My WP Ghost to
CVE-2025-30524 - SQL Injection in Origincode Product Catalog (≤1..4) – How Attackers Can Steal Your Data
In June 2025, a serious security vulnerability (CVE-2025-30524) was discovered in Origincode's Product Catalog plugin, versions up to and including 1.
CVE-2025-2186 - How a WooCommerce Plugin Left Stores Wide Open with a Simple SQL Injection
A high-risk vulnerability, CVE-2025-2186, was identified in the popular FunnelKit plugin for WordPress, specifically in the Recover WooCommerce Cart Abandonment, Newsletter, Email
CVE-2025-2331 - Sensitive Information Exposure in GiveWP – How Attackers Can Extract Donor Data via Misconfigured Capability Check
CVE-2025-2331 highlights a severe security vulnerability in the GiveWP — Donation Plugin and Fundraising Platform for WordPress, which affects all versions up to and
CVE-2025-1311 - SQL Injection Vulnerability in WooCommerce Multivendor Marketplace – REST API Plugin (WordPress)
A new and serious security flaw (CVE-2025-1311) was recently discovered in the popular WooCommerce Multivendor Marketplace – REST API plugin for WordPress. This vulnerability
Episode
00:00:00
00:00:00