Hong Kong Security Advisory Arbitrary Image Move(CVE202512494)
WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.12.28 - Improper Authorization to Authenticated (Author+) Arbitrary Image File Move vulnerability
Community Security Alert Wishlist Plugin Deletion Flaw(CVE202512087)
WordPress Wishlist and Save for later for Woocommerce plugin <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion vulnerability
Add Multiple Marker Plugin Unauthorized Settings Risk(CVE202511999)
WordPress Add Multiple Marker plugin <= 1.2 - Missing Authorization to Unauthenticated Settings Update vulnerability
Hong Kong Security Alert Unauthenticated Information Exposure(CVE202511997)
WordPress Document Pro Elementor – Documentation & Knowledge Base plugin <= 1.0.9 - Unauthenticated Information Exposure vulnerability
Alerta de seguridad de Hong Kong Vulnerabilidad FunnelKit(CVE202510567)
Plugin FunnelKit de WordPress < 3.12.0.1 - Vulnerabilidad de XSS reflejado
ZoloBlocks Access Control Vulnerability Community Advisory(CVE202549903)
WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability
Alerta comunitaria Riesgo de pedido de Easy Digital Downloads (CVE202511271)
Plugin Easy Digital Download de WordPress <= 3.5.2 - Vulnerabilidad de verificación insuficiente para la manipulación de pedidos
Public Security Advisory Events Calendar SQL Injection(CVE202512197)
WordPress The Events Calendar plugin 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s vulnerability
Community Advisory LC Wizard Plugin Authorization Flaw(CVE20255483)
WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
Hong Kong Cybersecurity Alert IDonate Account Takeover(CVE20254519)
WordPress IDonate plugin 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function vulnerability