Category: WordPress

  • CVE-2025-58196: WordPress UiCore Elements Plugin – Cross Site Scripting (XSS) Vulnerability

    I have recently reported an Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the WordPress UiCore Elements plugin in versions up to and including 1.3.3. The vulnerability exists in the Accordion widget due to improper handling of HTML tag attributes, allowing malicious scripts to be injected and executed in a user’s browser session. This has…

  • CVE-2025-55715: High Risk Sensitive Information Exposure Affecting 300,000+ Websites

    I recently discovered an unauthenticated sensitive information exposure vulnerability in the WordPress Otter Blocks plugin. It has been assigned CVE-2025-55715 and published in the Patchstack database. Over 300,000 websites were affected by this vulnerability. The plugin exposes sensitive content due to a lack of access restrictions on a dynamic content REST endpoint. This should be…

  • CVE-2025-54708: XSS Vulnerability in WordPress B-Blocks Plugin

    Detailed analysis of CVE-2025-54708 stored XSS vulnerability in WordPress B-Blocks plugin. Learn exploitation techniques, impact assessment, and security fixes.

  • Escaping vs. Sanitization in WordPress: A Developer’s Guide

    If you’ve worked with WordPress or PHP, you’ve probably heard people talk about “escaping” and “sanitization.” These two terms are often used interchangeably, but they are not the same thing. They solve different problems at different stages of handling user input and output. In this guide, we’ll dive deeper into what they mean, why they’re…

  • My July 2025 Contribution to WordPress Security

    Alhamdulillah! In July 2025, I had the opportunity to contribute to the security of the WordPress ecosystem by responsibly reporting vulnerabilities through the Patchstack Bug Bounty Program. Throughout the month, I identified and reported 22 security vulnerabilities across 21 different WordPress plugins. Each of these findings was responsibly disclosed so developers could address the issues…

  • How to Check WordPress Plugin Compatibility with wp-since on xCloud

    Introduction: Ensuring your WordPress plugins are compatible with your site’s WP version is crucial for performance and security. I recently discovered wp-since, a handy tool that scans plugins for compatibility issues by checking functions, classes, methods, and hooks against WordPress core versions. Here’s how I set it up for my site hosted on xCloud. Step…