Hong Kong Security Alert Skyword Stored XSS(CVE202411907)
WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Alert TablePress Stored XSS Vulnerability(CVE20259500)
WordPress TablePress plugin <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter vulnerability
Hong Kong Security Advisory Ocean Extra XSS(CVE20259499)
WordPress Ocean Extra plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode vulnerability
Security Advisory Booster for WooCommerce File Upload(CVE202413342)
WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload vulnerability
Hong Kong Security Advisory Slider Revolution Vulnerability(CVE20259217)
WordPress Slider Revolution plugin <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' vulnerability
Hong Kong Security Alert iATS SQL Injection(CVE20259441)
WordPress iATS Online Forms plugin <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter vulnerability
Security Alert Related Posts Lite CSRF Vulnerability(CVE20259618)
WordPress Related Posts Lite plugin <= 1.12 - Cross-Site Request Forgery vulnerability
CSRF Vulnerability in Ultimate Tag Warrior Importer(CVE20259374)
WordPress Ultimate Tag Warrior Importer plugin <= 0.2 - Cross-Site Request Forgery vulnerability
Security Alert LWSCache Authorization Bypass Risk(CVE20258147)
WordPress LWSCache plugin <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function vulnerability
Security Advisory List Subpages Plugin Stored XSS(CVE20258290)
WordPress List Subpages plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter vulnerability