WP Security

WP Security Vulnerability Report

1000 posts
WWordPress Vulnerability Database

Community Security Alert Wishlist Plugin Deletion Flaw(CVE202512087)

  • November 12, 2025
WordPress Wishlist and Save for later for Woocommerce plugin <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion vulnerability
WWordPress Vulnerability Database

Add Multiple Marker Plugin Unauthorized Settings Risk(CVE202511999)

  • November 11, 2025
WordPress Add Multiple Marker plugin <= 1.2 - Missing Authorization to Unauthenticated Settings Update vulnerability
WWordPress Vulnerability Database

Hong Kong Security Alert Unauthenticated Information Exposure(CVE202511997)

  • November 10, 2025
WordPress Document Pro Elementor – Documentation & Knowledge Base plugin <= 1.0.9 - Unauthenticated Information Exposure vulnerability
WWordPress Vulnerability Database

Hong Kong Security Alert FunnelKit Vulnerability(CVE202510567)

  • November 10, 2025
WordPress FunnelKit plugin < 3.12.0.1 - Reflected XSS vulnerability
WWordPress Vulnerability Database

ZoloBlocks Access Control Vulnerability Community Advisory(CVE202549903)

  • November 9, 2025
WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
WWordPress Vulnerability Database

Community Alert Easy Digital Downloads Order Risk(CVE202511271)

  • November 9, 2025
WordPress Easy Digital Download plugin <= 3.5.2 - Insufficient Verification to Order Manipulation vulnerability
WWordPress Vulnerability Database

Public Security Advisory Events Calendar SQL Injection(CVE202512197)

  • November 8, 2025
WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability
WWordPress Vulnerability Database

Community Advisory LC Wizard Plugin Authorization Flaw(CVE20255483)

  • November 7, 2025
WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
WWordPress Vulnerability Database

Hong Kong Cybersecurity Alert IDonate Account Takeover(CVE20254519)

  • November 7, 2025
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability
WWordPress Vulnerability Database

Hong Kong Security Advisory Gravity Forms Flaw(CVE202512352)

  • November 7, 2025
WordPress Gravity Forms plugin <= 2.9.20 - Unauthenticated Arbitrary File Upload via 'copy_post_image' vulnerability
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0
English
Chinese (Hong Kong) Chinese (China) Spanish Hindi French