CVE-2025-4224: Stored Cross-Site Scripting Vulnerability in wpForo Advanced Attachments Plugin

CVE-2025-4224 is a recently disclosed vulnerability affecting the wpForo + wpForo Advanced Attachments plugin for WordPress. Versions ≤ 3.1.3 are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability, allowing authenticated users with Custom-level access or higher to inject malicious scripts via media upload names. In this post, we’ll walk through what the vulnerability means, who’s […]

CVE-2025-4857: Local File Inclusion Vulnerability in Newsletters Plugin for WordPress

CVE-2025-4857 is a recently disclosed vulnerability affecting the widely used Newsletters plugin for WordPress (versions ≤ 4.9.9.9). The flaw allows for Local File Inclusion (LFI), which could enable an attacker with Administrator-level access and above to execute unauthorized files on the server. In this post, we’ll walk through what the vulnerability means, who’s affected, and […]