Community Alert FunKItools CSRF Threatens Site Settings(CVE202510301)
WordPress FunKItools plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Security Advisory Ova Advent Plugin XSS Risk(CVE20258561)
WordPress Ova Advent plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Community Security Notice OwnID Authentication Bypass(CVE202510294)
WordPress OwnID Passwordless Login plugin <= 1.3.4 - Authentication Bypass vulnerability
Security Advisory Oceanpayment Order Status Vulnerability(CVE202511728)
WordPress Oceanpayment CreditCard Gateway plugin <= 6.0 - Missing Authentication to Unauthenticated Order Status Update vulnerability
HK Security Alert External Login SQL Injection(CVE202511177)
WordPress External Login plugin <= 1.11.2 - Unauthenticated SQL Injection via log vulnerability
Hong Kong Cybersecurity Group Warns WPBakery XSS(CVE202511160)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability
Community Advisory URLYar Stored XSS Risk(CVE202510133)
WordPress URLYar plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
HK Security Alert WPBakery Cross Site Scripting(CVE202511161)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability
Hong Kong Security Alert WordPress SSO Exposure(CVE202510648)
WordPress Login with YourMembership - YM SSO Login plugin <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' vulnerability
Community Security Alert Demo Import Kit(CVE202510051)
WordPress Demo Import Kit plugin <= 1.1.0 - Authenticated (Admin+) Arbitrary File Upload vulnerability
English 
Chinese (Hong Kong) 
Chinese (China)