CVE-2025-8009

The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'getfilesource' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extra...

WordPress Security Ninja plugin 5.201-5.242 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Security Ninja – Secure Firewall & Secure Malware Scanner versions 5.201-5.242...

WordPress Security Ninja – Secure Firewall & Secure Malware Scanner Plugin < 5.159 is vulnerable to Cross Site Scripting (XSS)

Software Security Ninja – Secure Firewall & Secure Malware Scanner Type Plugin Vulnerable versions 5.159 Fixed in 5.159 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Security Ninja PSID 6acc36b932c4...

WordPress Security Ninja – Secure Firewall & Secure Malware Scanner plugin < 5.136 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Security Ninja – Secure Firewall & Secure Malware Scanner plugin versions 5.136. Solution Update the WordPress Security Ninja – Secure Firewall & Secure Malware Scanner plugin to the latest available...