wordpress vulnerabilities

3   Articles
3
WordPress wp_verify_nonce vs check_ajax_referer: How to Stop CSRF in Your WordPress Plugins

WordPress wp_verify_nonce vs check_ajax_referer: How to Stop CSRF in Your WordPress Plugins

6 Min Read
0 10
6 Min Read
0 10

To avoid Cross-Site Request Forgery (CSRF) attacks, WordPress has two functions for plugin developers: wp_verify_nonce and check_ajax_referer. If you don’t use at least one of these functions, your plugin could…

Coding vulnerabilitiesSecure coding
jennifer
Continue Reading
How to Exploit the CSV-to-SortTable Vulnerability Local File Inclusion (CVE-2025-13070 with Proof of Concept)

How to Exploit the CSV-to-SortTable Vulnerability Local File Inclusion (CVE-2025-13070 with Proof of Concept)

3 Min Read
0 35
3 Min Read
0 35

The CSV-to-SortTable WordPress plugin is a handy little tool for site owners, but its codebase shows that it was not built with hackers in mind. CSV-to-SortTable does not validate files…

Coding vulnerabilitiesSecure coding
jennifer
Continue Reading
CVE-2025-8489 Explanation: How a Mistake in a WordPress Hook Function Lets Attackers Gain Administrator Access

CVE-2025-8489 Explanation: How a Mistake in a WordPress Hook Function Lets Attackers Gain Administrator Access

3 Min Read
0 151
3 Min Read
0 151

A common programming mistake is thinking that what can’t be seen on the public web can’t possibly be a vulnerability. WordPress site owners entrust their security to plugin developers, which…

Coding vulnerabilitiesSecurity
jennifer
Continue Reading
Page 1 of 1