Hong Kong Security Notice PPOM SQL Injection(CVE202511691)
WordPress PPOM – Product Addons & Custom Fields for WooCommerce plugin <= 33.0.15 - Unauthenticated SQL Injection vulnerability
Public Advisory WordPress Map Plugin Cache Poisoning(CVE202511703)
WordPress WP Go Maps (formerly WP Google Maps) plugin <= 9.0.48 - Unauthenticated Cache Poisoning vulnerability
Hong Kong Security Alert WPBakery XSS Risk(CVE202510006)
WordPress WPBakery Page Builder plugin <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Security Alert PowerBI Plugin Data Exposure(CVE202510750)
WordPress PowerBI Embed Reports plugin <= 1.2.0 - Unauthenticated Sensitive Information Disclosure vulnerability
Hong Kong Security Advisory Event Tickets Bypass(CVE202511517)
WordPress Event Tickets and Registration plugin <= 5.26.5 - Unauthenticated Ticket Payment Bypass vulnerability
Community Alert Theme Editor CSRF Enables RCE(CVE20259890)
WordPress Theme Editor plugin <= 3.0 - Cross-Site Request Forgery to Remote Code Execution vulnerability
Hong Kong Security Alert WordPress Map Injection(CVE202511365)
WordPress WP Google Map Plugin plugin <= 1.0 - Authenticated (Contributor+) SQL Injection vulnerability
HK Security Alert Quick Featured Images Flaw(CVE202511176)
WordPress Quick Featured Images plugin <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation vulnerability
Hong Kong Security Advisory WordPress BlindMatrix LFI(CVE202510406)
WordPress BlindMatrix e-Commerce plugin < 3.1 - Contributor+ LFI vulnerability
Community Notice Felan Plugin Hardcoded Credentials(CVE202510850)
WordPress Felan Framework plugin <= 1.1.4 - Hardcoded Credentials vulnerability