wordpress 2 Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI Mar 19, 2026 Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions in Prevent Direct Access Wordpress Plugin (CVE-2025-3861) Apr 24, 2025