Security Advisory Arbitrary Order Refund Vulnerability(CVE202510570)
WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund vulnerability
Urgent Alert PixelYourSite GDPR Settings Exploited(CVE202510588)
WordPress PixelYourSite plugin <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification vulnerability
Security Advisory Optimole Image IDOR Vulnerability(CVE202511519)
WordPress Image optimization service by Optimole plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload vulnerability
Community Alert LearnPress Unauthenticated Database Access(CVE202511372)
WordPress LearnPress – Plugin LMS WordPress <= 4.2.9.3 - Autorisation Manquante pour la Manipulation de Table de Base de Données Non Authentifiée
Theme Editor CSRF Risks Remote Code Execution(CVE20259890)
WordPress Theme Editor plugin <= 3.0 - Cross-Site Request Forgery to Remote Code Execution vulnerability
Avis Urgent Failles d'Autorisation de Base de Données LearnPress(CVE202511372)
WordPress LearnPress – Plugin LMS WordPress <= 4.2.9.3 - Autorisation Manquante pour la Manipulation de Table de Base de Données Non Authentifiée
Hong Kong GSpeech TTS Security Advisory(CVE202510187)
WordPress GSpeech TTS – WordPress Text To Speech Plugin plugin <= 3.17.13 - Authenticated (Admin+) SQL injection vulnerability
Hong Kong Security Notice PPOM SQL Injection(CVE202511691)
WordPress PPOM – Product Addons & Custom Fields for WooCommerce plugin <= 33.0.15 - Unauthenticated SQL Injection vulnerability
Avis public sur l'empoisonnement du cache du plugin WordPress Map (CVE202511703)
Plugin WordPress WP Go Maps (anciennement WP Google Maps) <= 9.0.48 - Vulnérabilité d'empoisonnement de cache non authentifié
Hong Kong Security Alert WPBakery XSS Risk(CVE202510006)
WordPress WPBakery Page Builder plugin <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability