Hong Kong Security Advisory Event Tickets Bypass(CVE202511517)
WordPress Event Tickets and Registration plugin <= 5.26.5 - Unauthenticated Ticket Payment Bypass vulnerability
Community Alert Theme Editor CSRF Enables RCE(CVE20259890)
WordPress Theme Editor plugin <= 3.0 - Cross-Site Request Forgery to Remote Code Execution vulnerability
Hong Kong Security Alert WordPress Map Injection(CVE202511365)
WordPress WP Google Map Plugin plugin <= 1.0 - Authenticated (Contributor+) SQL Injection vulnerability
Alerta de seguridad de HK Fallo en Quick Featured Images(CVE202511176)
Plugin Quick Featured Images de WordPress <= 13.7.2 - Vulnerabilidad de referencia de objeto directo insegura para la manipulación de imágenes
Hong Kong Security Advisory WordPress BlindMatrix LFI(CVE202510406)
WordPress BlindMatrix e-Commerce plugin < 3.1 - Contributor+ LFI vulnerability
Community Notice Felan Plugin Hardcoded Credentials(CVE202510850)
WordPress Felan Framework plugin <= 1.1.4 - Hardcoded Credentials vulnerability
Public Security Notice Truelysell Password Vulnerability(CVE202510742)
WordPress Truelysell Core plugin <= 1.8.6 - Unauthenticated Arbitrary User Password Change vulnerability
Community Alert Felan Framework Unauthorised Plugin Activation(CVE202510849)
WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability
Hong Kong Security Alert BookWidgets XSS(CVE202510139)
WordPress WP BookWidgets plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Advisory WPBakery Stored Cross Site Scripting(CVE202511160)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability