NEXForms Authenticated Admin SQL Injection Alert(CVE202510185)
WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.6 - Authenticated (Admin+) SQL Injection vulnerability
Community Alert Everest Backup Plugin Authorization Failure(CVE202511380)
WordPress Everest Backup plugin <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure vulnerability
Community Advisory WordPress JobHunt Authorization Bypass(CVE20257374)
WordPress WP JobHunt plugin <= 7.6 Authenticated (Custom+) Authorization Bypass vulnerability
Security Advisory TicketSpot Stored Cross Site Scripting(CVE20259875)
WordPress TicketSpot plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Advisory Meks Easy Maps Stored XSS(CVE20259206)
WordPress Meks Easy Maps plugin <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
HK Security Advisory Dynamics 365 CRM Vulnerability(CVE202510746)
WordPress Integrate Dynamics 365 CRM plugin <= 1.0.9 - Missing Authorization vulnerability
Constructor Plugin Authorization Flaw Threatens Community Sites(CVE20259194)
WordPress Constructor plugin <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean vulnerability
Security Advisory Backup Bolt Plugin File Download(CVE202510306)
WordPress Backup Bolt plugin <= 1.4.1 - Authenticated (Admin+) Arbitrary File Download vulnerability
GiveWP Donation Plugin Authorization Flaw Advisory(CVE202511228)
WordPress GiveWP – Donation Plugin and Fundraising Platform plugin <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association vulnerability
Hong Kong Alert WordPress File Upload Flaw(CVE20259212)
WordPress WP Dispatcher plugin <= 1.2.0 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
English 
Chinese (Hong Kong) 
Chinese (China)