Hong Kong Security Alert WordPress Map Injection(CVE202511365)
WordPress WP Google Map Plugin plugin
HK Security Alert Quick Featured Images Flaw(CVE202511176)
WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability
Hong Kong Security Advisory WordPress BlindMatrix LFI(CVE202510406)
WordPress BlindMatrix e-Commerce plugin < 3.1 - Contributor+ LFI vulnerability
Community Notice Felan Plugin Hardcoded Credentials(CVE202510850)
WordPress Felan Framework plugin <= 1.1.4 - Hardcoded Credentials vulnerability
Public Security Notice Truelysell Password Vulnerability(CVE202510742)
WordPress Truelysell Core plugin <= 1.8.6 - Unauthenticated Arbitrary User Password Change vulnerability
Community Alert Felan Framework Unauthorised Plugin Activation(CVE202510849)
WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability
Hong Kong Security Alert BookWidgets XSS(CVE202510139)
WordPress WP BookWidgets plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Advisory WPBakery Stored Cross Site Scripting(CVE202511160)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability
Hong Kong Alert Simple SEO Stored XSS(CVE202510357)
WordPress Simple SEO plugin < 2.0.32 - Contributor+ Stored XSS vulnerability
Hong Kong Security Advisory Zip Attachments Deletion(CVE202511692)
WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Limited File Deletion vulnerability
Community Security Alert Keyy Two Factor Vulnerability(CVE202510293)
WordPress Keyy Two Factor Authentication (like Clef) plugin <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability