Hong Kong WordPress The7 Stored XSS Alert(CVE20257726)
WordPress The7 plugin <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes vulnerability
Hong Kong Security Unauthenticated SQL Injection CleverReach(CVE20257036)
WordPress CleverReach WP plugin <= 1.5.20 - Unauthenticated SQL Injection via title Parameter vulnerability
Hong Kong Security NGO Warns FundEngine LFI(CVE202548302)
WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability
Hong Kong Security Alerts GravityWP LFI(CVE202549271)
WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability
Urgent MapSVG WordPress SQL Injection Risk(CVE202554669)
WordPress MapSVG Plugin < 8.7.4 - SQL Injection Vulnerability
Hong Kong Security Advisory WordPress IDonatePro Flaw(CVE202530639)
WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability
Hong Kong Security Advisory Eventin Email Change(CVE20254796)
WordPress Eventin plugin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover vulnerability
Hong Kong Security Advisory OpenStreetMap WordPress XSS(CVE20256572)
WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder plugin <= 1.2.0 - Contributor+ Stored XSS vulnerability
HK Security Alerts WordPress PHP Object Injection(CVE202554007)
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability
Lead Capturing Pages Arbitrary Content Deletion Vulnerability(CVE202531425)
WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability