Hong Kong Security Advisory Tariffuxx SQL Injection(CVE202510682)
WordPress TARIFFUXX plugin <= 1.4 - Authenticated (Contributor+) SQL Injection via tariffuxx_configurator Shortcode vulnerability
Hong Kong NGO Alert Zip Attachment Disclosure(CVE202511701)
WordPress Zip Attachments plugin <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure vulnerability
Hong Kong Civil Society Alert BookWidgets XSS(CVE202510139)
WordPress WP BookWidgets plugin <= 0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Community Advisory Authenticated Editor SQL Injection onOffice(CVE202510045)
WordPress onOffice pour le plugin WP-Websites <= 5.7 - Vulnérabilité d'injection SQL authentifiée (Éditeur+)
Community Alert FunKItools CSRF Threatens Site Settings(CVE202510301)
WordPress FunKItools plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Security Advisory Ova Advent Plugin XSS Risk(CVE20258561)
WordPress Ova Advent plugin <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Community Security Notice OwnID Authentication Bypass(CVE202510294)
WordPress OwnID Passwordless Login plugin <= 1.3.4 - Authentication Bypass vulnerability
Avis de sécurité Vulnérabilité de statut de commande Oceanpayment (CVE202511728)
Plugin de passerelle de carte de crédit Oceanpayment WordPress <= 6.0 - Vulnérabilité de mise à jour de statut de commande non authentifiée manquante
Alerte de sécurité HK Connexion externe Injection SQL (CVE202511177)
Plugin de connexion externe WordPress <= 1.11.2 - Injection SQL non authentifiée via la vulnérabilité de journal
Hong Kong Cybersecurity Group Warns WPBakery XSS(CVE202511160)
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module vulnerability