Hong Kong Security Avatar Migration Authorization Flaw(CVE20258482)
WordPress Simple Local Avatars plugin <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration vulnerability
Hong Kong Security WordPress Stock Quotes XSS(CVE20258688)
WordPress Inline Stock Quotes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode vulnerability
Hong Kong Security NGO warns WordPress XSS(CVE20258685)
WordPress Wp chart generator plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpchart Shortcode vulnerability
GMap Venturit Stored XSS Alert for HK(CVE20258568)
WordPress GMap - Venturit plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter vulnerability
Authenticated CSV Injection in AnWP Football Leagues(CVE20258767)
WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability
Hong Kong WordPress UiCore Unauthorised File Read(CVE20256253)
WordPress UiCore Elements plugin <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read vulnerability
HK Security Alerts Elementor Image Import Flaw(CVE20258081)
WordPress Elementor plugin <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import vulnerability
Hong Kong security NGO flags CBX CSRF(CVE20257965)
WordPress CBX Restaurant Booking plugin <= 1.2.1 - Plugin Reset via CSRF vulnerability
Hong Kong WordPress The7 Stored XSS Alert(CVE20257726)
WordPress The7 plugin <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes vulnerability
Hong Kong Security Unauthenticated SQL Injection CleverReach(CVE20257036)
WordPress CleverReach WP plugin <= 1.5.20 - Unauthenticated SQL Injection via title Parameter vulnerability
English 
Chinese (Hong Kong) 
Chinese (China)