Hong Kong NGO Alert Zip Attachment Disclosure(CVE202511701)
WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability
Hong Kong Civil Society Alert BookWidgets XSS(CVE202510139)
WordPress WP BookWidgets plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Advisory Authenticated Editor SQL Injection onOffice(CVE202510045)
WordPress onOffice for WP-Websites plugin <= 5.7 - Authenticated (Editor+) SQL Injection vulnerability
Aviso de Seguridad Ova Advent Plugin Riesgo de XSS (CVE20258561)
WordPress Ova Advent plugin <= 1.1.7 - Autenticado (Contribuyente+) Vulnerabilidad de Cross-Site Scripting almacenado a través de Shortcode
Alerta de la comunidad FunKItools CSRF Amenaza a la configuración del sitio (CVE202510301)
Plugin FunKItools de WordPress <= 1.0.2 - Vulnerabilidad de Falsificación de Solicitud entre Sitios para la actualización de configuraciones
Community Security Notice OwnID Authentication Bypass(CVE202510294)
Plugin de Inicio de Sesión Sin Contraseña OwnID de WordPress <= 1.3.4 - Vulnerabilidad de Bypass de Autenticación
Security Advisory Oceanpayment Order Status Vulnerability(CVE202511728)
WordPress Oceanpayment CreditCard Gateway plugin <= 6.0 - Missing Authentication to Unauthenticated Order Status Update vulnerability
HK Security Alert External Login SQL Injection(CVE202511177)
WordPress External Login plugin <= 1.11.2 - Unauthenticated SQL Injection via log vulnerability
Hong Kong Cybersecurity Group Warns WPBakery XSS(CVE202511160)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability
Community Advisory URLYar Stored XSS Risk(CVE202510133)
WordPress URLYar plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability