Hong Kong Security NGO WordPress Import XSS(CVE20258490)
WordPress All-in-One WP Migration and Backup plugin <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability
Stored XSS in Lazy Load Videos Plugin(CVE20257732)
WordPress Lazy Load for Videos plugin <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes vulnerability
Aviso de Seguridad de Hong Kong Escalación de Privilegios Dokan Pro(CVE20255931)
Plugin Dokan Pro de WordPress <= 4.0.5 - Vulnerabilidad de Escalación de Privilegios Autenticada (Proveedor+)
Community Security Advisory SiteSEO Stored XSS(CVE20259277)
WordPress SiteSEO plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression vulnerability
Hong Kong Security Advisory Shortcode Path Traversal(CVE20258562)
Urgent: Directory Traversal in ‘Custom Query Shortcode’ (≤ 0.4.0) — What WordPress Site Owners Need to Know and…
Hong Kong Security Notice Event List Escalation(CVE20256366)
WordPress Event List plugin <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Alerta de seguridad de Hong Kong plugin CSRF XSS (CVE20256247)
WordPress WordPress Automatic plugin <= 3.118.0 - Vulnerabilidad de Cross-Site Request Forgery a Cross-Site Scripting almacenado
Community Advisory Vibes Plugin SQL Injection Vulnerability(CVE20259172)
WordPress Vibes plugin <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter vulnerability
Community Security Alert CSRF in WordPress Plugin(CVE202548303)
WordPress Post Type Converter plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability