Community Alert Authenticated Stored Cross Site Scripting(CVE20258618)
WordPress WPC Smart Quick View for WooCommerce plugin <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode vulnerability
Community Advisory Contact Form 7 Injection Risk(CVE20258145)
WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection vulnerability
Community Security Alert Easy Digital Downloads CSRF(CVE20258102)
WordPress Easy Digital Downloads plugin <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions vulnerability
Hong Kong Security Advisory FunnelKit Privilege Escalation(CVE20257654)
Urgent: Privilege Escalation in Automation By Autonami (FunnelKit) — What WordPress Site Owners Must Do Now Plugin Name…
Alert Nexter Blocks Stored Cross Site Scripting(CVE20258567)
WordPress Nexter Blocks plugin <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Hong Kong NGO alerts contributors about XSS(CVE20257496)
WordPress WPC Smart Compare for WooCommerce plugin <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Hong Kong Security Advisory FunnelKit Privilege Escalation(CVE20257654)
WordPress FunnelKit plugin <= 3.11.0.2 - Privilege Escalation vulnerability
Community Advisory Real Spaces Administrator Escalation(CVE20256758)
WordPress Real Spaces - WordPress Properties Directory Theme plugin <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register' vulnerability
Community Alert Cloudflare Image Resizing Exploit(CVE20258723)
WordPress Cloudflare Image Resizing plugin <= 1.5.6 - Missing Authentication to Unauthenticated Remote Code Execution via rest_pre_dispatch Hook vulnerability
Hong Kong Security Advisory Flexible Maps XSS(CVE20258622)
WordPress Flexible Maps plugin <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode vulnerability