Community Notice Felan Plugin Hardcoded Credentials(CVE202510850)
WordPress Felan Framework plugin <= 1.1.4 - Hardcoded Credentials vulnerability
Public Security Notice Truelysell Password Vulnerability(CVE202510742)
WordPress Truelysell Core plugin <= 1.8.6 - Unauthenticated Arbitrary User Password Change vulnerability
Community Alert Felan Framework Unauthorised Plugin Activation(CVE202510849)
WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability
Hong Kong Security Alert BookWidgets XSS(CVE202510139)
WordPress WP BookWidgets plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Advisory WPBakery Stored Cross Site Scripting(CVE202511160)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability
Hong Kong Alert Simple SEO Stored XSS(CVE202510357)
WordPress Simple SEO plugin < 2.0.32 - Contributor+ Stored XSS vulnerability
Hong Kong Security Advisory Zip Attachments Deletion(CVE202511692)
WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Limited File Deletion vulnerability
Community Security Alert Keyy Two Factor Vulnerability(CVE202510293)
WordPress Keyy Two Factor Authentication (like Clef) plugin <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover vulnerability
HK Security Advisory WPBakery Cross Site Scripting(CVE202511161)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability
Hong Kong Security Alert DocoDoco Upload Flaw(CVE202510754)
WordPress DocoDoco Store Locator plugin <= 1.0.1 - Authenticated (Editor+) Arbitrary File Upload vulnerability
English 
Chinese (Hong Kong) 
Chinese (China)