Tag: wordpress
All the articles with the tag "wordpress".
- [CVE-2025-54352] WordPress XML-RPC Pingback Leaks Titles of Private and Draft Posts
  A flaw in the longstanding pingback feature exposes the titles of unpublished WordPress content to the internet. An attacker needs nothing more than access to xmlrpc.php to enumerate every confidential headline.
- [CVE-2025-4396] Unauthenticated SQL Injection in Relevanssi Gives Attackers a Direct Line to Your WordPress Database
  A logic flaw in the popular Relevanssi search plugin lets anyone craft time-based SQL queries through public search parameters. The bug leaks or modifies WordPress data without needing an account.
- [CVE-2025-11517] Free Tickets for Sale – How a Logic Error Skips Payment in WordPress Event Tickets
  A missing price check in Event Tickets up to 5.26.5 lets anyone create orders for paid tickets through the plugin’s “free commerce” REST endpoint. Site owners lose revenue and occupancy control, while attackers walk in for nothing.