WP Security

Browsing Category

WordPress Vulnerability Database

566 posts
WWordPress Vulnerability Database

Community Alert Missing Authorization in Membership Plugin(CVE202511835)

  • November 5, 2025
WordPress Paid Membership Subscriptions plugin <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal vulnerability
WWordPress Vulnerability Database

Community Alert Image Comparison Addon Unauthorized Upload(CVE202510896)

  • November 4, 2025
WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability
WWordPress Vulnerability Database

Community Alert Image Comparison Addon Upload Vulnerability(CVE202510896)

  • November 4, 2025
WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability
WWordPress Vulnerability Database

Security Advisory CSRF in Navigation Links Plugin(CVE202512188)

  • November 4, 2025
WordPress Posts Navigation Links for Sections and Headings plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability
WWordPress Vulnerability Database

DominoKit Plugin Poses Public Security Risk(CVE202512350)

  • November 4, 2025
WordPress DominoKit plugin <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update vulnerability
WWordPress Vulnerability Database

Hong Kong Security Advisory Plugin Privilege Escalation(CVE202512158)

  • November 4, 2025
WordPress Simple User Capabilities plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
WWordPress Vulnerability Database

Hong Kong Security Alert Payeer Payment Bypass(CVE202511890)

  • November 4, 2025
WordPress Crypto Payment Gateway with Payeer for WooCommerce plugin <= 1.0.3 - Unauthenticated Payment Bypass vulnerability
WWordPress Vulnerability Database

Hong Kong Security Advisory Post SMTP Exposure(CVE202511833)

  • November 3, 2025
WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability
WWordPress Vulnerability Database

Protecting Hong Kong Websites Against SiteSEO Vulnerability(CVE202512367)

  • November 3, 2025
WordPress SiteSEO plugin <= 1.3.1 - Missing Authorization to Authenticated (Author+) Plugin Settings Update vulnerability
WWordPress Vulnerability Database

Hong Kong Security Advisory Discourse Plugin Leak(CVE202511983)

  • November 3, 2025
WordPress WP Discourse plugin <= 2.5.9 - Authenticated (Author+) Information Exposure vulnerability
WP Security
© 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners.
en_USEnglish
zh_HKChinese (Hong Kong) zh_CNChinese (China) en_USEnglish

Review My Order

0

Subtotal

Taxes & shipping calculated at checkout

Checkout

 
0