Security Advisory Optimole Image IDOR Vulnerability(CVE202511519)
WordPress Image optimization service by Optimole plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload vulnerability
Community Alert LearnPress Unauthenticated Database Access(CVE202511372)
WordPress LearnPress – WordPress LMS Plugin plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation vulnerability
Theme Editor CSRF Risks Remote Code Execution(CVE20259890)
WordPress Theme Editor plugin <= 3.0 - Cross-Site Request Forgery to Remote Code Execution vulnerability
Urgent Advisory LearnPress Database Authorization Flaw(CVE202511372)
WordPress LearnPress – WordPress LMS Plugin plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation vulnerability
Hong Kong GSpeech TTS Security Advisory(CVE202510187)
WordPress GSpeech TTS – WordPress Text To Speech Plugin plugin <= 3.17.13 - Authenticated (Admin+) SQL injection vulnerability
Hong Kong Security Notice PPOM SQL Injection(CVE202511691)
WordPress PPOM – Product Addons & Custom Fields for WooCommerce plugin <= 33.0.15 - Unauthenticated SQL Injection vulnerability
Public Advisory WordPress Map Plugin Cache Poisoning(CVE202511703)
WordPress WP Go Maps (formerly WP Google Maps) plugin <= 9.0.48 - Unauthenticated Cache Poisoning vulnerability
Hong Kong Security Alert WPBakery XSS Risk(CVE202510006)
WordPress WPBakery Page Builder plugin <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Security Alert PowerBI Plugin Data Exposure(CVE202510750)
WordPress PowerBI Embed Reports plugin <= 1.2.0 - Unauthenticated Sensitive Information Disclosure vulnerability
Hong Kong Security Advisory Event Tickets Bypass(CVE202511517)
WordPress Event Tickets and Registration plugin <= 5.26.5 - Unauthenticated Ticket Payment Bypass vulnerability