HK Security NGO Warns WPGYM Admin Flaw(CVE20256080)
WordPress WPGYM plugin <= 67.7.0 - Missing Authorization to Admin Account Creation vulnerability
Hong Kong Security Alert WordPress Calendar XSS(CVE20258293)
WordPress Intl DateTime Calendar plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter vulnerability
Hong Kong Security NGO Warns WordPress SQLi(CVE202412612)
WordPress School Management System for Wordpress plugin <= 93.2.0 - Unauthenticated SQL Injection vulnerability
Hong Kong Security Watch WordPress CSRF XSS(CVE20257668)
WordPress Linux Promotional Plugin plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Hong Kong Advisory Authenticated Anber Elementor XSS(CVE20257440)
WordPress Anber Elementor Addon plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Carousel button link vulnerability
WordPress Icons Factory Unauthenticated Deletion Vulnerability(CVE20257778)
Plugin Name Icons Factory Type of Vulnerability Unauthenticated File Deletion CVE Number CVE-2025-7778 Urgency High CVE Publish Date…
WordPress Lastfm Album Artwork CSRF Stored XSS(CVE20257684)
Plugin Name Last.fm Recent Album Artwork Type of Vulnerability CSRF and XSS CVE Number CVE-2025-7684 Urgency Low CVE…
HK Security Advisory Authenticated WordPress Bokun XSS(CVE20256221)
Plugin Name Embed Bokun Type of Vulnerability Authenticated Stored XSS CVE Number CVE-2025-6221 Urgency Low CVE Publish Date…
Hong Kong Alerts WordPress CSRF To XSS(CVE20257686)
Plugin Name weichuncai(WP伪春菜) Type of Vulnerability Stored XSS CVE Number CVE-2025-7686 Urgency Medium CVE Publish Date 2025-08-15 Source…
Hong Kong Security WordPress README Parser XSS(CVE20258720)
WordPress Plugin README Parser plugin <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter vulnerability