WordPress – TheCyberThrone

CVE-2025-5394 impacts WordPress Theme

Overview CVE-2025-5394 is a critical vulnerability discovered in the Alone – Charity Multipurpose Non-profit WordPress Theme (versions up to 7.8.3). The flaw exists in the alone_import_pack_install_plugin() function, which fails to…

PravinKarthik August 1, 2025

CVE-2025-4389 impacts Crawlomatic WordPress Plugin

A severe security vulnerability, identified as CVE-2025-4389, has been discovered in the Crawlomatic Multipage Scraper Post Generator plugin for WordPress. This flaw allows unauthenticated remote attackers to upload arbitrary files,…

PravinKarthik May 19, 2025

CVE-2024-10957: UpdraftPlus WordPress Plugin Vulnerability

CVE-2024-10957 is a high-severity vulnerability affecting the UpdraftPlus: WP Backup & Migration Plugin for WordPress. This vulnerability, present in versions up to and including 1.24.11, enables attackers to perform PHP…

PravinKarthik January 6, 2025

WordPress WPLMS and VibeBP Vulnerabilities

Two widely-used WordPress plugins, WPLMS and VibeBP, have recently been discovered with critical vulnerabilities. These vulnerabilities, if left unaddressed, could potentially expose websites to severe security risks. This analysis provides…

PravinKarthik December 24, 2024

WordPress WPForms flaw CVE-2024-11205

A critical vulnerability has been discovered in Wordpress plugin WPForms. The flaw allows authenticated attackers with subscriber-level privileges or higher to execute unauthorized refunds of Stripe payments and cancellations of…

PravinKarthik December 10, 2024

WordPress WPMLS Theme has a Critical Bug CVE-2024-10470

A security researcher, Friderika Baranyai, has discovered a critical path traversal bug in the WPLMS WordPress theme that leaves websites , allows attackers to read and delete arbitrary files on…

PravinKarthik November 14, 2024

WordPress Plugin LiteSpeed Cache Flaw CVE-2024-50550

Security researcher has identified a vulnerability in the LiteSpeed Cache plugin that could compromise WordPress sites with its unauthenticated privilege escalation capabilities. The vulnerability tracked as CVE-2024-50550 with a CVSS…

PravinKarthik November 1, 2024

WordPress WP Clone Plugin Vulnerability – CVE-2023-6750

Reference : Medium Researchers have identified a CVE-2023-6750, a critical vulnerability affecting WP Clone that offers a seamless solution for backing up, migrating, or cloning WordPress sites. With over 90,000…

PravinKarthik December 20, 2023