🛡 WP SecureStack
Latest known security vulnerabilities affecting WordPress plugins, themes, and core. Updated weekly. Filter by severity or component type using the tag links.
- Masteriyo LMS <= 2.1.6 – Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator
The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the ‘InstructorsController::prepare_object_for_database’ function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that…
- How to Detect and Fix Vulnerable Plugins in WordPress
- Top 10 WordPress Security Plugins Reviewed
Current Threat Level
Elevated ⚠️
Multiple active CVEs targeting WooCommerce Payments and Contact Form 7 this week.
Understanding the Tags
critical / high / medium / low — CVSS severity rating
plugin / theme / core — affected component type
CVE-XXXX-XXXXX — CVE identifier tag
fixed / unpatched — current patch status
Browse by Tag
Component Type: Plugin CVE-2026-4484 Featured IP Allowlisting Patched:Yes Severity: High WordPress Login Security
Responsible Disclosure
Found a vulnerability?
Report it to us. We follow a 90-day responsible disclosure policy and acknowledge within 12 hours.