Hong Kong Security Alert ShortcodeHub Stored XSS(CVE20257957)
WordPress ShortcodeHub plugin <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter vulnerability
Community Alert Authenticated XSS in WS Addons(CVE20258062)
WordPress WS Theme Addons plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ws_weather Shortcode vulnerability
Advisory Cross Site Request Forgery Restore Plugin(CVE20257839)
WordPress Restore Permanently delete Post or Page Data plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Hong Kong Security Alert WordPress Feed Deletion(CVE20257828)
WordPress WP Filter & Combine RSS Feeds plugin <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion vulnerability
Hong Kong Security Advisory Talroo Plugin XSS(CVE20258281)
WordPress WP Talroo plugin <= 2.4 - Reflected XSS vulnerability
Hong Kong Security Alert Silencesoft RSS CSRF(CVE20257842)
WordPress Silencesoft RSS Reader plugin <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion vulnerability
HK NGO Warns Fluent Support CSRF Risk(CVE202557885)
Plugin Name Fluent Support Type of Vulnerability CSRF CVE Number CVE-2025-57885 Urgency Low CVE Publish Date 2025-08-22 Source…
Hong Kong Security Notice WPPizza Access Vulnerability(CVE202557894)
WordPress WPPizza Plugin <= 3.19.8 - Broken Access Control Vulnerability
Hong Kong Security Advisory Greenshift Access Flaw(CVE202557884)
WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability
Community Advisory Accessibility Plugin IDOR(CVE202557886)
WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability