Media Author Plugin Broken Access Control Advisory(CVE202558841)
WordPress Media Author Plugin <= 1.0.4 - Broken Access Control Vulnerability
Atec Debug Plugin Administrator File Deletion Risk(CVE20259518)
WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability
Hong Kong Security Advisory Make Connector Vulnerability(CVE20256085)
WordPress Make Connector plugin <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Hong Kong Security Alert Skyword Stored XSS(CVE202411907)
WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Alert TablePress Stored XSS Vulnerability(CVE20259500)
WordPress TablePress plugin <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter vulnerability
Hong Kong Security Advisory Ocean Extra XSS(CVE20259499)
WordPress Ocean Extra plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode vulnerability
Security Advisory Booster for WooCommerce File Upload(CVE202413342)
WordPress Booster for WooCommerce plugin <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload vulnerability
Hong Kong Security Advisory Slider Revolution Vulnerability(CVE20259217)
WordPress Slider Revolution plugin <= 6.7.36 - Authenticated (Contributor+) Arbitrary File Read via 'used_svg' and 'used_images' vulnerability
Hong Kong Security Alert iATS SQL Injection(CVE20259441)
WordPress iATS Online Forms plugin <= 1.2 - Authenticated (Contributor+) SQL Injection via order Parameter vulnerability
Security Alert Related Posts Lite CSRF Vulnerability(CVE20259618)
WordPress Related Posts Lite plugin <= 1.12 - Cross-Site Request Forgery vulnerability