WP Security CVE FEB 2025

WP Security CVE FEB 2025: 49 public plugin risks

Sponsored by:

Order managed WooCommerce bundle: security, maintenance, speed, backup and monitoring. Managed for you on your domain, inside your hosting account, in your country. Each recurrent service costs the price of a single coffee, from your local barista, per week.

Be informed about the latest reported WP Security Plugin Vulnerabilities. WP Security CVE FEB 2025 is a +36% INCREASE, compared to last month. Consider for your online safety, a WP/Woo SECURITY AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.

What is CVE?

TLDR: the details on how to hack a specific software is made public, forcing the vendor to provide a solution (patch or upgrade), that closes that specific vulnerability. CVE is short for Common Vulnerabilities and Exposures. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. Read more on wikipedia.org: Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Common Weakness Enumeration.

Contact your online project manager:

Get managed security

Fast forward 2-3 years: your business is on autopilot, yet you are in control. Your website is humming along, leads & customers are rolling in.

There hasn’t been a crisis or β€œwebsite emergency” in ages, and all your charts are pointing up and to the right. Whimsical? The future is already here. Step into your future today.

WP Security CVE FEB 2025

If you are serious about your online business, then you need to pay attention to the WordPress security best practices. The following cases made headlines PUBLICLY just last month in the WP Security CVE FEB 2025 category:

A5 Custom Login Page Cross-Site Scripting (XSS)
Ad Blocking Detector Cross-Site Scripting (XSS)
Admin and Site Enhancements (ASE) Broken Access Control (BAC)
Admin and Site Enhancements (ASE) Pro Broken Access Control (BAC)
Admin debug wordpress – enable debug Cross-Site Request Forgery (CSRF)
all-in-one-box-login Cross-Site Scripting (XSS)
Apply with LinkedIn buttons Cross-Site Scripting (XSS)
Apply with LinkedIn buttons Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Asgard Security Scanner Cross-Site Scripting (XSS)
Auto iFrame Cross-Site Scripting (XSS) from Shortcode
Better Protected Pages Cross-Site Request Forgery (CSRF)
Captchelfie – Captcha by Selfie Cross-Site Scripting (XSS)
Content Security Policy Pro Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Custom DataBase Tables Cross-Site Scripting (XSS)
Customizable Captcha and Contact Us Cross-Site Scripting (XSS)
Database Sync Private Data Exposure
Debug Tool Broken Access Control (BAC)
Download IP2Location Country Blocker Cross-Site Scripting (XSS)
Email Capture & Lead Generation Broken Access Control (BAC)
Error Log Viewer Missing Authorization (BAC) and Unauthenticated File Read (BAC)
FooGallery Captions Cross-Site Scripting (XSS)
Hack me if you can Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Hide Login+ Cross-Site Scripting (XSS)
Homey Login Register Privilege Escalation (BAC)
Host PHP Info Missing Authorization (BAC) and Unauthenticated Private Information Disclosure
Htaccess File Editor Broken Authentication (BAC)
HTTP and HTTPS link Changer by Eyga.net Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
iframe and embed Cross-Site Scripting (XSS)
ldap_login_password_and_role_manager Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
LH Login Page Cross-Site Scripting (XSS)
Lime Developer Login Cross-Site Scripting (XSS)
Login Page Styler Missing Authorization (BAC) and Log Deletion (BAC) and Session Termination
Loginplus Broken Access Control (BAC)
Login Watchdog Cross-Site Scripting (XSS)
Passster – Password Protection Unauthenticated Content Restriction Bypass (BAC) and Private Information Exposure
Passwordless WP – Login with your glance or fingerprint Cross-Site Scripting (XSS)
Password Protect Plugin for WordPress Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Passwords Manager SQL Injection (SQLi)
Passwords Manager Missing Authorization (BAC) and Add Password + Update Encryption Key
Passwords Manager Unauthenticated SQL Injection (SQLi)
Restrict Anonymous Access Cross-Site Scripting (XSS)
Restrict Content Unauthenticated Content Restriction Bypass (BAC) and Private Information Exposure
Safe Ai Malware Protection for WP Missing Authorization (BAC) and Unauthenticated Database Export (BAC)
Secure CAPTCHA Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Stop Comment Spam Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
WH Cache & Security Cross-Site Scripting (XSS)
WordPress Additional Logins Cross-Site Scripting (XSS)
WP Contact Form7 Email Spam Blocker Cross-Site Scripting (XSS)
WP Front-end login and register Cross-Site Scripting (XSS)
WordPress Security CVE (plugin vulnerabilities) reported in 2023: 396
ALL WordPress CVE (core+plugin+theme vulnerabilities) reported in 2023: 5853
 
WordPress Security CVE (plugin vulnerabilities) reported in 2024: 351
ALL WordPress CVE (core+plugin+theme vulnerabilities) reported so far in 2024: 7614
 
WordPress Security CVE (plugin vulnerabilities) reported in 2025: 85
ALL WordPress CVE (core+plugin+theme vulnerabilities) reported so far in 2025: 2207
Contact your online project manager:

Order managed services

Fast forward 2-3 years: your business is on autopilot, yet you are in control. Your 3rd party integrations still work, your partners and your customers are happy.

There hasn’t been a crisis or β€œonline emergency” in ages, and all your reports are OK and green. Whimsical? The future is already here. Step into your future today.
WP Security CVE

Security isn’t something that you can just do once. It's something that's constantly evolving and you need to regularly update your site’s security standards and conduct routine website safety checks if you want to stay protected. There isn’t a way to 100% protect your website from hackers and other malicious attempts. But, if you want to give your site the highest level of protection possible, then it’s a good idea to update immediately these WP Security CVE plugins.

You rely on a Security guard that currently is sleeping!

Order managed security services today:

ultrai managed SECURITY

Table Of Contents


A cup of coffee makes a difference ...

How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of a premium cup of coffee per week, for your first managed service.
Start simply by contacting us with your selections:

ultrai.ae managed online administration Β© 2023 - 2025 – All rights reserved
We’re on an empowering mission for customers, who desire not to be transformed forcefully into IT experts.
ultrai.ae

Sign up for our newsletter

We send only one email per month related to our managed services. Topics contain: general updates about WP & Woo, Security, Speed, Privacy, Theme.

We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.